On 1/31/18 10:22 PM, Luke Salsich wrote: > Hey all, > > I've been using OpenSCAP for a while on our servers and really > appreciate what it does. > > I've been looking around for a way to store scan results and then > query them and I can't seem to locate any plugins or apps which do > this other than SCAPTimony. > > SCAPTimony sounds great, but I'm not sure it's currently maintained > and I don't really want to dive into Foreman just to store Oscap results. > > What does the community use for this kind of scan / report storing and > querying? > > We're currently using Ansible AWX to run scans and to manage > remediation. Love to find a way to pull that XML into a central > database.......
This week was DevConf in Brno [0] and this very topic came up multiple times! The quick answer being broad agreement that "yes this must happen." There are partner projects like Foreman (upstream) and Satellite (downstream) which integrate scanning into their embedded databases. In general there is a desire to unify SCAP with OpenControl for central reporting though. Many are in transit from Brno back home over the next few days, or recovering locally from staying out all night for the past week :) Some responses might be slightly delayed because of this. If you could have database integration with SCAP.... what all would you want it to do? Could you help the community form a few user stories? [0] https://devconf.cz/cz/2018
_______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org
