Hello, On Thursday, August 30, 2018 8:05:30 AM EDT Mohanraj, Bharath wrote: > I'm using the oscap scanner on linux boxes, for triggering "oscap xccdf > eval" command. In the output generated, one of the info I would need to > present is the CVE for each rule.
This may be a misunderstanding in terminology. Each rule has a CCE - not a CVE. You can write rules to detect packages with known CVE's, but that is not your typical XCCDF. > However, I don't see the CVE info for > the rules in the xccdf xmls (no <ident> tag for CVEs under the rules). > > Can you please help me understand how I can capture the CVE associated with > each rule? I think you mean CCE. What content are you running? -Steve _______________________________________________ Open-scap-list mailing list Openfirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/open-scap-list