Module ploigos_step_runner.step_implementers.container_image_static_vulnerability_scan.openscap
StepImplementer for the container-image-static-vulnerability-scan step using OpenSCAP.
Convenience wrapper for the OpenSCAPGeneric step implementer so that users
can specify OpenSCAP for the container-image-static-compliance-scan.
Step Configuration
Step configuration expected as input to this step. Could come from:
- static configuration
- runtime configuration
- previous step results
| Configuration Key | Required? | Default | Description |
|---|---|---|---|
| `container-image-tag` | Yes | | Container image tag to scan. |
| `oscap-input-definitions-uri` | Yes | | URI to the OpenSCAP definitions file to do the evaluation with. Must use protocol file:// |
| `oscap-profile` | No | | OpenSCAP profile to evaluate. |
| `oscap-tailoring-uri` | No | | URI to OpenSCAP tailoring file to do the evaluation with. Must use protocol file:// |
| `oscap-fetch-remote-resources` | No | True | For Source DataStream and XCCDF files that have remote references, fetch them if True, else don't. WARNING: evaluations will not be complete if input definitions require remote resources and this is not True. For disconnected environments the remote internal mirror. |
| `oscap-severity` | No | | Severity threshold for failing a step. Will fail step on any vulnerability at that severity or higher. Will fail on any severity if unset. Valid severity: low |
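
The `oscap-severity` threshold described in the table, applied to an XCCDF 1.2 `xml-report`, as an added example that is not the project's own code. The sample report, the `failed_rules` and `gate` names, and the severity ordering (taken from the XCCDF specification rather than from this page) are assumptions.

```python
import xml.etree.ElementTree as ET

# Namespace and severity values are from the XCCDF 1.2 spec, not from this page.
XCCDF_NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}
SEVERITY_RANK = {"unknown": 0, "info": 1, "low": 2, "medium": 3, "high": 4}

# Constructed sample: a trimmed XCCDF TestResult, not real scan output.
SAMPLE_XML_REPORT = """\
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2">
  <TestResult id="xccdf_org.example_testresult_demo">
    <rule-result idref="xccdf_org.example_rule_a" severity="high">
      <result>pass</result>
    </rule-result>
    <rule-result idref="xccdf_org.example_rule_b" severity="medium">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_org.example_rule_c" severity="low">
      <result>fail</result>
    </rule-result>
  </TestResult>
</Benchmark>
"""


def failed_rules(xml_text):
    """Return (rule id, severity) for every rule-result whose result is 'fail'."""
    root = ET.fromstring(xml_text)
    found = []
    for rr in root.iterfind(".//x:rule-result", XCCDF_NS):
        result = rr.findtext("x:result", default="", namespaces=XCCDF_NS)
        if result.strip() == "fail":
            found.append((rr.get("idref"), rr.get("severity", "unknown")))
    return found


def gate(xml_text, threshold=None):
    """Return the failures that should fail the step.

    threshold=None mirrors an unset oscap-severity: any failure counts.
    """
    failures = failed_rules(xml_text)
    if threshold is None:
        return failures
    if threshold not in SEVERITY_RANK:
        raise ValueError(f"unknown severity threshold: {threshold!r}")
    floor = SEVERITY_RANK[threshold]
    return [f for f in failures if SEVERITY_RANK.get(f[1], 0) >= floor]
```

In this sketch a failed rule with no severity attribute ranks as `unknown`, so any explicit threshold of `info` or higher lets it through; leaving the threshold unset is the only setting that catches it.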
Result Artifacts
Results artifacts output by this step.
| Result Artifact Key | Description |
|---|---|
| `html-report` | HTML report generated by oscap eval |
| `xml-report` | XML report generated by oscap eval |
| `stdout-report` | stdout report generated by oscap eval |
Classes
class OpenSCAP (workflow_result, parent_work_dir_path, config, environment=None)
`StepImplementer` for the `container-image-static-vulnerability-scan` step using OpenSCAP.
Convenience wrapper for the `OpenSCAPGeneric` step implementer so that users can specify `OpenSCAP` for the `container-image-static-compliance-scan`.

```python
class OpenSCAP(OpenSCAPGeneric):
    """`StepImplementer` for the `container-image-static-vulnerability-scan` step using OpenSCAP.

    Convenience wrapper for the `OpenSCAPGeneric` step implementer so that users
    can specify `OpenSCAP` for the `container-image-static-compliance-scan`.
    """
```

Ancestors
- OpenSCAPGeneric
- StepImplementer
- abc.ABC
Inherited members
- OpenSCAPGeneric: `config`, `create_working_dir_sub_dir`, `environment`, `get_config_value`, `get_copy_of_runtime_step_config`, `get_result_value`, `get_value`, `global_config_defaults`, `global_environment_config_defaults`, `has_config_value`, `run_step`, `step_config`, `step_config_overrides`, `step_environment_config`, `step_implementer_config_defaults`, `step_name`, `sub_step_implementer_name`, `sub_step_name`, `work_dir_path`, `workflow_result`, `write_working_file`