aaronlippold
commented
5 years ago This has been resolved in #51 #52 #55
Closed kevin-j-smith closed 5 years ago
aaronlippold
commented
5 years ago This has been resolved in #51 #52 #55
There are two parts to this issue: 1) The created checklist from inspec inspec2ckl could not be validated using STIGViewer's checklist xml schema. There were: 1) missing TAGS in the ASSET section 2) Severity was missing 3) Not_Tested is not a valid status (Not_Reviewed is valid) 2) As to the missing TAGS in the ASSET section where does this data come from? : 1) After some enhancements and PRs going into inspec/train and inspec/inspec to have additional platform information gathered and reported most of this data can come from there. 2) It is possible this is not helpful as well as some data might not be able to be reported. Therefore, it would be nice to add data to a metadata.json file with helpful and/or additional information that will become part of the checklist.
While doing work to add metadata to inspec2ckl I also added metadata to xccdf2inspec conversion so that maintainer, copyright, email and license information can be completed during conversion and not after. All of that helps so that inspec profile can be filled out to contain a better README.md and LICENSE.md files. :) .