-
There's a gemfile that doesn't have any semver restrictions on any of the dependencies so potential for break there.
When will the develop branch be merged with the main branch?
Who is going to …
-
I ran my inspec and generated a .json file for my esxi, vm, vcsa environment.
when I run the following:
saf convert hdf2ckl -i ./vcsa.json -o ./VCSAReport.ckl --hostname --fqdn
I just downl…
-
I maintain the https://github.com/mitre/inspec_tools/blob/master/lib/data/NIST_Map_02052020_CIS_Controls_Version_7.1_Implementation_Groups_1.2.xlsx spreadsheet used by inspec_tools.
Currently, I on…
-
Are there any plans to incorporate the new [EKS-specific CIS benchmark](https://aws.amazon.com/blogs/containers/introducing-cis-amazon-eks-benchmark/)?
If so would that happen here, or in another …
mogul updated
3 years ago
-
-
Conducting a technology audit of our tooling used for Cloud Service Provider management. Needs determine this tool to have a read only ability to audit accounts for users, resources, cost, settings fo…
-
- [x] add a MITRE SAF Team author profile for general SAF articles
- [ ] add in some articles:
- [ ] background on why we need security automation/DevSecOps -- check GitBook
- [ ] put up so…
-
Example: https://github.com/mitre/aws-rds-oracle-mysql-ee-5.7-cis-baseline/blob/ce6494b717e8bbdbe9b601ca85621c072ed0d529/inspec.yml#L30-L45
When creating "overlay" profiles that depend on another "…
-
I am using `saf` as part of a pipeline workflow where saf will cause the image build to fail if it exceeds a threshold. This works well.
If a control isn't passing, we want to be able to quickly v…
-
In order to be used on Federal systems, software needs to be mapped to 800-53.
A mapping in OSCAL would be ideal.