Closed matusmarhefka closed 6 years ago
The scanner_args cmd option should support xccdf-id option for scanner as some profiles are not accessible without it. Current behaviour (used with atomic scan frontend):
$ sudo atomic scan --scan_type configuration_compliance --scanner_args "xccdf-id=scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml profile=xccdf_org.ssgproject.content_profile_pci-dss" rh7 docker run -t --rm -v /etc/localtime:/etc/localtime -v /run/atomic/2017-10-17-17-54-48-745994:/scanin -v /var/lib/atomic/openscap/2017-10-17-17-54-48-745994:/scanout:rw,Z -v /etc/oscapd:/etc/oscapd:ro openscap oscapd-evaluate scan --targets chroots-in-dir:///scanin --output /scanout --no-cve-scan --fix_type bash -j1 --xccdf-id scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml profile=xccdf_org.ssgproject.content_profile_pci-dss $ echo $? 2
The scanner_args cmd option should support xccdf-id option for scanner as some profiles are not accessible without it. Current behaviour (used with atomic scan frontend):