-
In order to be used on Federal systems, software needs to be mapped to 800-53.
A mapping in OSCAL would be ideal.
-
Having a "saf scan" option that does not actually execute an InSpec scan is confusing users. For now, we should change the scan command to "profiles," which will basically print a link to saf.mitre.or…
-
- [x] add a MITRE SAF Team author profile for general SAF articles
- [ ] add in some articles:
- [ ] background on why we need security automation/DevSecOps -- check GitBook
- [ ] put up so…
-
I am using `saf` as part of a pipeline workflow where saf will cause the image build to fail if it exceeds a threshold. This works well.
If a control isn't passing, we want to be able to quickly v…
-
I have tested this in both InSpec and Cinc Auditor version 4.46.13.
I have set up a test where I have created a new blank test profile, then modified it to depend on the RHEL 7 STIG Baseline wit…
-
Many CIS benchmarks cite multiple CIS CSC security controls in their benchmarks. In addition, some cite from different versions of the CIS CSC security controls, often citing a version 6 CSC security …
-
Due to the inactivity of this project for over 1 year, this project is marked to be archived. Previously released assets will be untouched, but support will cease for this project going forward. If any…
-
Hi Team,
We're trying to make sense of all of the CIS findings in some of our projects, and how to begin to address them.
Currently, to even identify the affected resources, all we have is a messa…
-
### 🎛 As a government contractor we have to report our InSpec findings as a checklist XML file. It would be nice to have InSpec generate one of those or to at minimum have the reporter report more info…
-
See https://www.inspec.io/docs/reference/resources/file/#mode
> Note: see the [be_more_permissive_than(mode)](https://www.inspec.io/docs/reference/resources/file/#be_more_permissive_than?(mode)) ma…