On Thursday, August 30, 2018 8:05:30 AM EDT Mohanraj, Bharath wrote:
> I'm using the oscap scanner on linux boxes, for triggering "oscap xccdf
> eval" command. In the output generated, one of the info I would need to
> present is the CVE for each rule.

This may be a misunderstanding in terminology. Each rule has a CCE - not a 
CVE. You can write rules to detect packages with known CVE's, but that is not 
your typical XCCDF.

> However, I don't see the CVE info for
> the rules  in the xccdf xmls (no <ident> tag for CVEs under the rules).
> Can you please help me understand how I can capture the CVE associated with
> each rule?

I think you mean CCE. What content are you running?


Open-scap-list mailing list

Reply via email to