Hello,

On Thursday, August 30, 2018 8:05:30 AM EDT Mohanraj, Bharath wrote:
> I'm using the oscap scanner on linux boxes, for triggering "oscap xccdf
> eval" command. In the output generated, one of the info I would need to
> present is the CVE for each rule.

This may be a misunderstanding in terminology. Each rule has a CCE - not a 
CVE. You can write rules to detect packages with known CVE's, but that is not 
your typical XCCDF.

> However, I don't see the CVE info for
> the rules  in the xccdf xmls (no <ident> tag for CVEs under the rules).
> 
> Can you please help me understand how I can capture the CVE associated with
> each rule?

I think you mean CCE. What content are you running?

-Steve


_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list

Reply via email to