A list for people interested in developing the OVAL language.
View all threadsHello everybody,
let me present a tool that I have heard many to request in the past -
the interactive visualizer of OVAL results [1].
Have you ever encountered a rule that has more than one level of
criteria in its OVAL definition? Or a rule that makes use of
extend_definition?
Of course you had encountered such rules.
And what do you do when a scan of such a complex rule passes or fails
unexpectedly?
The answer to that question probably got much simpler - you can use the
open-source, cross-platform oval-graph CLI tool [2].
This command consumes the rule name (or regular expression of thereof)
and the ARF file, which is one of the possible standardized formats for
SCAP-compatible scanner results. And then it generates a visualization
that pops up in a web browser.
The OVAL as Graph project [2] is easy to install on Python3 systems
using the standard pip Python package manager. An RPM package also
exists for Fedora [3] and the EPEL repository.
We have tested the tool with the OpenSCAP scanner, but it should be
compatible with other scanners as well - give it a shot and reach back
to us!
You can read more on Compliance As Code Blog [4], where you can leave
comments, and we also look forward to pull request or issues that you
can open in the repository [2].
Regards,
Matej
References:
[1]:
https://protect-us.mimecast.com/s/CZ5cCW6K5kHj6AnYi6JMfO?domain=raw.githubusercontent.com
[2]: https://protect-us.mimecast.com/s/MbLfCXDXgmCn4xLNhVrmOI?domain=github.com
[3]: https://protect-us.mimecast.com/s/-9IuCYEYjoS3DzyZi9SI1v?domain=src.fedoraproject.org
[4]:
https://protect-us.mimecast.com/s/ivSDCZ6GkqHM73WRty_GmN?domain=complianceascode.github.io