Hi, I wrote a short blog post about waivers in HTML report. These changes are coming in 1.2.0 so we would like to gather some feedback before the release.
Suggestions welcome!
http://martin.preisler.me/2014/11/waivers-in-openscap-html-report/
The post mentions users won't be able to create waivers in the HTML report itself. What's the workflow to introduce a waiver?
-- Shawn Wells Director, Innovation Programs shawn@redhat.com | 443.534.0130 @shawndwells
On Nov 6, 2014, at 10:49 AM, Martin Preisler mpreisle@redhat.com wrote:
Hi, I wrote a short blog post about waivers in HTML report. These changes are coming in 1.2.0 so we would like to gather some feedback before the release.
Suggestions welcome!
http://martin.preisler.me/2014/11/waivers-in-openscap-html-report/
-- Martin Preisler _______________________________________________ scap-workbench mailing list scap-workbench@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-workbench
On 11/06/2014 05:33 PM, Shawn Wells wrote:
The post mentions users won't be able to create waivers in the HTML report itself. What's the workflow to introduce a waiver?
Hey Shawn,
The waiver creation will be first available through Foreman interface using recently announced project SCAPtimony. This Martin's work is very first step needed to make it happen.
----- Original Message -----
From: "Shawn Wells" shawn@redhat.com To: "Martin Preisler" mpreisle@redhat.com Cc: "open-scap-list" open-scap-list@redhat.com, scap-workbench@lists.fedorahosted.org, "SCAP Security Guide" scap-security-guide@lists.fedorahosted.org Sent: Thursday, November 6, 2014 5:33:43 PM Subject: Re: Waiver support in HTML report
The post mentions users won't be able to create waivers in the HTML report itself. What's the workflow to introduce a waiver?
There is no nice way to introduce a waiver at this point.
In the future the way to do this would be with openscap integration of your choice - scap-workbench, sat5, 6, cockpit, ... I may add some javascript hooks to the HTML report to allow integrations to listen to waiver requests or some such. But the HTML report itself is static, it can't change the XML which stores the results.
----- Original Message -----
From: "Shawn Wells" shawn@redhat.com To: "Martin Preisler" mpreisle@redhat.com Cc: "open-scap-list" open-scap-list@redhat.com, scap-workbench@lists.fedorahosted.org, "SCAP Security Guide" scap-security-guide@lists.fedorahosted.org Sent: Thursday, November 6, 2014 5:33:43 PM Subject: Re: Waiver support in HTML report
The post mentions users won't be able to create waivers in the HTML report itself. What's the workflow to introduce a waiver?
I have done initial research on how to implementing adding waivers from the report.
See the prototype: https://mpreisle.fedorapeople.org/openscap/interactive_waiver.html
Please note that this is not committed yet. It needs quite some cleanup. As discussed previously this allows integrations of openscap to preprocess the HTML report and insert their own callback. That's how they get notified about added waivers.
A nice accidental feature I discovered today is that you can waive the report in firefox and when you "Save as" it saves the report with the waivers. Could be useful in small deployments.
Known issues: - score not recomputed - number of rules that fail, pass, ... isn't recomputed
Feedback appreciated!
On 11/12/14, 11:36 AM, Martin Preisler wrote:
----- Original Message -----
From: "Shawn Wells" shawn@redhat.com To: "Martin Preisler" mpreisle@redhat.com Cc: "open-scap-list" open-scap-list@redhat.com, scap-workbench@lists.fedorahosted.org, "SCAP Security Guide" scap-security-guide@lists.fedorahosted.org Sent: Thursday, November 6, 2014 5:33:43 PM Subject: Re: Waiver support in HTML report
The post mentions users won't be able to create waivers in the HTML report itself. What's the workflow to introduce a waiver?
I have done initial research on how to implementing adding waivers from the report.
See the prototype: https://mpreisle.fedorapeople.org/openscap/interactive_waiver.html
Please note that this is not committed yet. It needs quite some cleanup. As discussed previously this allows integrations of openscap to preprocess the HTML report and insert their own callback. That's how they get notified about added waivers.
A nice accidental feature I discovered today is that you can waive the report in firefox and when you "Save as" it saves the report with the waivers. Could be useful in small deployments.
Known issues:
- score not recomputed
- number of rules that fail, pass, ... isn't recomputed
Feedback appreciated!
A popup/callout screen appears when opening a rule. It'd be great if the "rule details" callout could be escaped by clicking elsewhere outside the window, or simply hitting the Escape key.
scap-workbench@lists.fedorahosted.org
-
Martin Preisler -
Shawn Wells -
Šimon Lukašík