search

mitre / inspec_tools

A command-line and ruby API of utilities, converters and tools for creating, converting and processing security baseline formats, results and data
https://inspec-tools.mitre.org/
Other
91 stars 30 forks source link

Categorize all errors the same #145

Closed ljkimmel closed 4 years ago

ljkimmel commented 4 years ago

It seems to me that any errors in the inspec run should be just as impactful. Currently, if I want to fail my compliance based on errors I have to set my max errors to '0' for each criticality. I think it makes more sense to lump all errors together so that instead of:

errors:
  critical:
    max: 0
  high:
    max: 0
  medium:
    max: 0
  low:
    max: 0

I can just say:

errors:
  max: 0

or even:

errors: 0

This last one probably makes the most sense because I don't think I would ever want to make sure that I have at LEAST n number of errors to pass. If the profile is written correctly there should probably never be errors.

ljkimmel commented 4 years ago

I see now that we can do:

errors:
  total:
    max: 0

Which is sufficient.