OpenSCAP Scanner

OpenSCAP is a command line utility for working with the Security Content Automation Protocol (SCAP).

Object Representation (YAML)

id: String
name: String
type: String
depends: [String]
tags: [String]
condition: Boolean
each: Array
while: String
until: String
verbosity: String
ignore_errors: Boolean
tool_options: Object
properties:
  module: String
  credential: String
  username: String
  host: String
  port: Number
  operation: String
  profile: String
  results: String
  results_arf: String
  report: String
  resolve_output_file: String
  output: String
  syschar_path: String
  name: String
  match: String
  source: String
  target: String
  xccdf_results: String
  oval_results: String
  cvss_vector: String
  report_id: String
  cve_data: String
  cve: String
  submodule: String
  submodule_options: String
  args: String
  oval_definitions: String
  path: String

Fields

Property	Details
`id` *	String A unique identifier for the step. Can contain hyphens and underscores, but not spaces.
`name` *	String A friendly name for the step. This name will appear in the pipeline designer and run output.
`type` *	String The type of the step. Can be `pipeline` or a step module type.
`depends[]`	[String] A list of dependencies of this step. This step will not be executed until all steps with `id`s in this list are finished executing.
`tags[]`	[String] Tags are used to group related steps. Steps with the same tag can be retrieved using the `findStepsByTag()` helper function. Can contain hyphens and underscores, but not spaces.
`condition`	Boolean An expression which is evaluated before the step executes. If it evaluates to false, the step will be skipped. The `step.result.status` field will be "Skipped".
`each`	Array An expression which evaluates to an array. It is evaluated once before the first iteration. There will be one iteration for each element of the array. An empty array (`[]`) will results in no iterations being executed.
`while`	String A boolean expression evaluated before each iteration. When the expression evaluates to `false`, iteration stops. If `false` before the first iteration, no iterations will be executed.
`until`	String A boolean expression evaluated after each iteration. When the expression evaluates to `true`, iteration stops. The first iteration will always be excuted with no regard for the value of the expression.
`verbosity`	String Step event verbosity. Determines how much information about step execution is sent back to the application.
`ignore_errors`	Boolean If `true`, errors in the step module will not halt pipeline execution, and subsequent steps will still be executed. The `step.result.status` field will be "Failed" if the step encounters an error.
`tool_options`	Object -
`properties.module` *	String `oscap` module, such as `xccdf` or `oval`.
`properties.credential`	String The ID of a SSH Key credential for authentication with the remote machine. Required only for eval and collect operations.
`properties.username`	String Remote username. Required only for `eval` and `collect` operations.
`properties.host`	String Remote host IP address. Required only for `eval` and `collect` operations.
`properties.port`	Number Remote machine SSH port. Required only for `eval` and `collect` operations.
`properties.operation`	String Module operation, such as `eval` or `generate`.
`properties.profile`	String Particular profile from XCCDF document.
`properties.results`	String File to which the OpenSCAP operation result will be written. Required with `analyse` operation.
`properties.results_arf`	String File to which the OpenSCAP operation result will be written in Asset Reporting Format.
`properties.report`	String File to which HTML report will be written.
`properties.resolve_output_file`	String File to which the resolve operation result will be written.
`properties.output`	String File to which the OpenSCAP operation output (guide/report/custom) will be written instead of standard output.
`properties.syschar_path`	String File to which the OVAL system characteristic will be written.
`properties.name`	String Check whether name is in correct CPE format.
`properties.match`	String Find an exact match of CPE name in the dictionary.
`properties.source`	String Source datastream or source XCCDF for `sds-compose` operation.
`properties.target`	String Target datastream or target directory depending on selected `oscap` operation.
`properties.xccdf_results`	String XCCDF results for result datastream.
`properties.oval_results`	String OVAL results for result datastream.
`properties.cvss_vector`	String Base CVSS vector.
`properties.report_id`	String RDS report id.
`properties.cve_data`	String CVE data feed.
`properties.cve`	String CVE to find in data feed.
`properties.submodule`	String Operation submodule. Used with `generate` operation.
`properties.submodule_options`	String Submodule options. Used with `generate` operation.
`properties.args`	String Extra command line arguments to pass to `oscap`.
`properties.oval_definitions`	String OVAL definitions files.
`properties.path`	String Path to `oscap` input file.

Result Fields

The following are the step execution result fields available at steps.<step id>.result after a step executes.

Key Details

Key	Details
`result.status`	String A string indicating the step execution status. Can be Succeeded, Failed, or Skipped.

result.status

String

A string indicating the step execution status. Can be Succeeded, Failed, or Skipped.

OpenSCAP Scanner

Object Representation (YAML)

Fields

Result Fields

Product

Legal