Hi Simon, I am surprised that SCAPtimony did not get traction as well.

When you say "To this day, I am surprised there is no lean and functional microservice to store, query and postprocess SCAP results." What would you suggest? I ask because it seems like there is a discussion about a lean microservice (to start with) and then a discussion about a larger application or framework which can then make use of the stored data. Personally, I don't think these two discussions conflict. I think they are describing the first small step to a microservice and then maybe to something larger after that. But I would be interested to hear your thoughts on this.

---------------
Luke Salsich

On Fri, Feb 2, 2018 at 8:21 AM, Šimon Lukašík <sluka...@redhat.com> wrote:
> Hello,
>
> As the original author of SCAPtimony, I feel urged to come in and say here
> is my $0.02 coin.
>
> After spending some time on OpenSCAP development, I started wondering
> where all the results of the scans go. I thought there has to be an immense
> need to make sense of the data organizations have and make use of it.
> For instance, scan-result-diff in Satellite 5 was highly regarded at the
> time. The other idea was to waive a certain rule on a certain system. And
> there were more ideas like that.
>
> Unfortunately, the SCAPtimony project did not receive the traction I hoped
> for. And hence the development stopped. Later on, Satellite 6 absorbed
> the SCAPtimony code, so the community can no longer leverage what they did since.
>
> To this day, I am surprised there is no lean and functional microservice
> to store, query and postprocess SCAP results. I am still ready to make
> SCAPtimony fly, but I would need funding.
>
> --
>
> The standardization was also mentioned in the thread, so let me share my
> view on that as well. I think the standardization is great in theory. I
> was a huge fan of standardization after coming out of uni. However,
> after a few years I realized that it is extremely hard to write standards
> that are comprehensive and usable at the same time.
>
> The way you can write a good standard is to learn first. Let the
> businesses or independent actors come up with a few solutions, notice
> similarities, standardize them. Let the businesses adopt that and
> iterate again.
>
> To return to the topic. Parsing XML to SQL models/tables is a great
> idea and many freshmen would certainly love to jump on it. My gut tells
> me, however, this is not the best (or sensible) way. I sometimes
> struggle to describe why my gut says what it says, but consider
> the following: If I were founding a start-up on building a SCAP database, I
> would surely not be parsing entities to SQL for sure.
>
> Best,
> ~š.
>
> On 01/31/2018 10:22 PM, Luke Salsich wrote:
> > Hey all,
> >
> > I've been using OpenSCAP for a while on our servers and really
> > appreciate what it does.
> >
> > I've been looking around for a way to store scan results and then query
> > them and I can't seem to locate any plugins or apps which do this other
> > than SCAPTimony.
> >
> > SCAPTimony sounds great, but I'm not sure it's currently maintained and
> > I don't really want to dive into Foreman just to store Oscap results.
> >
> > What does the community use for this kind of scan / report storing and
> > querying?
> >
> > We're currently using Ansible AWX to run scans and to manage
> > remediation. Love to find a way to pull that XML into a central
> > database.......
> >
> > Thanks very much.
> >
> > ---------------
> > Luke Salsich
> >
> > _______________________________________________
> > Open-scap-list mailing list
> > Open-scap-list@redhat.com
> > https://www.redhat.com/mailman/listinfo/open-scap-list
>
> ~š.