I'm referring to the section 2.5.1 in the link here, https://static.open-scap.org/openscap-1.2/oscap_user_manual.html
It says, " Each XCCDF Rule can have xccdf:ident elements inside. These elements allow the content creator to reference various external identifiers like CVE, CCE, CPE and others." But I don't see CVE under any of the rules. Regards, Bharath M -----Original Message----- From: Steve Grubb <sgr...@redhat.com> Sent: Thursday, August 30, 2018 6:38 PM To: open-scap-list@redhat.com Cc: Mohanraj, Bharath <bharath_mohanraj...@bmc.com> Subject: Re: [Open-scap] OSCAP - CVE information Hello, On Thursday, August 30, 2018 8:05:30 AM EDT Mohanraj, Bharath wrote: > I'm using the oscap scanner on linux boxes, for triggering "oscap > xccdf eval" command. In the output generated, one of the info I would > need to present is the CVE for each rule. This may be a misunderstanding in terminology. Each rule has a CCE - not a CVE. You can write rules to detect packages with known CVE's, but that is not your typical XCCDF. > However, I don't see the CVE info for > the rules in the xccdf xmls (no <ident> tag for CVEs under the rules). > > Can you please help me understand how I can capture the CVE associated > with each rule? I think you mean CCE. What content are you running? -Steve _______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
