[OVAL DEVELOPER] Schema proposal for Docker
mpreisle at redhat.com
Fri Aug 12 10:44:06 EDT 2016
----- Original Message -----
> From: "William Munyan" <William.Munyan at cisecurity.org>
> To: "David Solin" <solin at jovalcm.com>
> Cc: "oval developer" <oval_developer at lists.cisecurity.org>, "Oval" <oval at cisecurity.org>
> Sent: Thursday, August 11, 2016 2:31:33 PM
> Subject: Re: [OVAL DEVELOPER] Schema proposal for Docker
> The shell command stuff and SUSE should have been removed as part of the
> commits/pull requests etc…. I had a request to separate out the SUSE, Shell
> Command stuff so I removed them. It is very possible I did something wrong
> via Git, but the only files in the PR should pertain to Docker.
thanks for your proposal, it looks very interesting. I am also working on a
container proposal and there is a lot of overlap. I suggest we work together
to fulfill all the use-cases.
My PR with notes: https://github.com/OVALProject/Sandbox/pull/147
I also provided some notes in the PR you submitted:
My main use-case is being able to generate container image CVE feeds similar
to what is done with RPM or DPKG CVE feeds today. For that I need to query
container labels and container signatures via OVAL.
I am on PTO, I will be back at the end of August to provide more feedback
and patches to your XSD :-)
Identity Management and Platform Security | Red Hat, Inc.
More information about the OVAL_Developer