You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello everyone,
I'm contacting you because I've had a problem using oscap-chroot for the past week and a half.
I have offline LXC images that I'm analyzing with OpenSCAP's oscap-chroot tool.
However, after using the tool, I open the HTML report that is generated for me, and it shows me no vulnerabilities, whereas 2 weeks ago, the tool found several vulnerabilities.
I've done some research into the source of my problem and I imagine that it comes directly from CVE-MITRE.
I found this article indicating the end of XML to JSON support as of June 30, 2024.
I'm wondering if this change from CVE-MITRE will have an impact on the use of openscap and, more specifically, oscap-chroot.
Does anyone have a problem similar to mine? https://www.cve.org/Media/News/item/blog/2024/07/02/Legacy-CVE-Download-Formats-No-Longer-Supported
OpenSCAP Version:
OpenSCAP command line tool (oscap) 1.4.0
Copyright 2009--2023 Red Hat Inc., Durham, North Carolina.
The offline LXC image underwent no change during the first and second reports.
Actual Results:
The HTML report indicates that no vulnerabilities are found on the offline LXC image, although there should be, since the offline LXC image has not undergone any changes.
Expected Results:
I should have several vulnerabilities detected.
See image of HTML report dated 05/28/2024
Additional Information / Debugging Steps:
The oval-definitions-buster.xml file comes from https://www.debian.org/security/oval/ to retrieve the OVAL definitions corresponding to the operating system of the LXC offline image.
The text was updated successfully, but these errors were encountered:
Description of Problem:
Hello everyone,
I'm contacting you because I've had a problem using oscap-chroot for the past week and a half.
I have offline LXC images that I'm analyzing with OpenSCAP's oscap-chroot tool.
However, after using the tool, I open the HTML report that is generated for me, and it shows me no vulnerabilities, whereas 2 weeks ago, the tool found several vulnerabilities.
I've done some research into the source of my problem and I imagine that it comes directly from CVE-MITRE.
I found this article indicating the end of XML to JSON support as of June 30, 2024.
I'm wondering if this change from CVE-MITRE will have an impact on the use of openscap and, more specifically, oscap-chroot.
Does anyone have a problem similar to mine?
https://www.cve.org/Media/News/item/blog/2024/07/02/Legacy-CVE-Download-Formats-No-Longer-Supported
OpenSCAP Version:
OpenSCAP command line tool (oscap) 1.4.0
Copyright 2009--2023 Red Hat Inc., Durham, North Carolina.
==== Supported specifications ====
SCAP Version: 1.3
XCCDF Version: 1.2
OVAL Version: 5.11.1
CPE Version: 2.3
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1
==== Capabilities added by auto-loaded plugins ====
SCE Version: 1.0 (from libopenscap_sce.so.25)
Operating System & Version:
Debian 12 on Docker
Steps to Reproduce:
A HTML report from 10/07/2024
A HTML report from 28/05/2024
The offline LXC image underwent no change during the first and second reports.
Actual Results:
The HTML report indicates that no vulnerabilities are found on the offline LXC image, although there should be, since the offline LXC image has not undergone any changes.
Expected Results:
I should have several vulnerabilities detected.
See image of HTML report dated 05/28/2024
Additional Information / Debugging Steps:
The oval-definitions-buster.xml file comes from https://www.debian.org/security/oval/ to retrieve the OVAL definitions corresponding to the operating system of the LXC offline image.
The text was updated successfully, but these errors were encountered: