RubygemsResearch

Sha256: 2779a8ea9848afeae8b1a11c2b499ffe7c306a3f934a3165c72ab6398aab9ca9

Contents?: true

Size: 1.92 KB

Versions: 13

Compression:

Stored size: 1.92 KB

# Test plugin: `vulnerabilities`

The `vulnerabilities` test plugin checks that a node has no known vulnerabilities, as published by its vendor's [OVAL files](https://oval.cisecurity.org/).

This plugin uses a `oval.json` file storing OVAL files URLs to be fetched, in the image OS directory.
Here is the structure of the `oval.json` file:
* **repo_urls** (`Array<String>`): List of URLs to fetch OVAL files from. The URL can be:
  * A direct URL to the OVAL `.xml` file.
  * A direct URL to a compressed (`.gz` or `.bz2`) OVAL file.
  * Any other URL that will be then crawled to follow the last link recursively unless it finds a URL to a direct OVAL file (compressed or not). This is useful to give URL of browsable repositories adding OVAL files every day, and always grab the last one.
* **reported_severities** (`Array<String>`): List of OVAL item severities to be reported in case nodes are vulnerable to them.

Example of `oval.json`:
```json
{
  "repo_urls": [
    // Take the most recent OVAL file from our repository
    "https://my_oval.my_domain.com/oval-definitions"
  ],
  "reported_severities": [
    "Critical",
    "Important",
    "Unknown"
  ]
}
```

Example of `oval.json` for Debian 10:
```json
{
  "urls": [
    // Use directly the published OVAL file from Debian
    "https://www.debian.org/security/oval/oval-definitions-buster.xml"
  ],
  "reported_severities": [
    "Critical",
    "Important",
    "Unknown"
  ]
}
```

## Config DSL extension

None

## Used credentials

| Credential | Usage
| --- | --- |

## Used Metadata

| Metadata | Type | Usage
| --- | --- | --- |
| `image` | `String` | The name of the OS image to be used. The [configuration](../../config_dsl.md) should define the image and point it to a directory containing a `oval.json` that will contain definition of OVAL files to be checked for this OS(see above). |

## Used environment variables

| Variable | Usage
| --- | --- |

## External tools dependencies

None

Version data entries

13 entries across 13 versions & 1 rubygems

Version	Path
hybrid_platforms_conductor-32.17.0	docs/plugins/test/vulnerabilities.md
hybrid_platforms_conductor-32.16.4	docs/plugins/test/vulnerabilities.md
hybrid_platforms_conductor-32.16.3	docs/plugins/test/vulnerabilities.md
hybrid_platforms_conductor-32.16.2	docs/plugins/test/vulnerabilities.md
hybrid_platforms_conductor-32.16.1	docs/plugins/test/vulnerabilities.md
hybrid_platforms_conductor-32.16.0	docs/plugins/test/vulnerabilities.md
hybrid_platforms_conductor-32.15.0	docs/plugins/test/vulnerabilities.md
hybrid_platforms_conductor-32.14.0	docs/plugins/test/vulnerabilities.md
hybrid_platforms_conductor-32.13.4	docs/plugins/test/vulnerabilities.md
hybrid_platforms_conductor-32.13.3	docs/plugins/test/vulnerabilities.md
hybrid_platforms_conductor-32.13.2	docs/plugins/test/vulnerabilities.md
hybrid_platforms_conductor-32.13.1	docs/plugins/test/vulnerabilities.md
hybrid_platforms_conductor-32.13.0	docs/plugins/test/vulnerabilities.md