Description of problem: Currently the image-inspector only supports scanning a version of RHEL. It can be configured with either a RHEL 5, 6 or 7 version number. Expand the image-inspector configuration capability to allow it to be configured to scan CentOS versions also.
(In reply to jack.ottofaro from comment #0)
> Description of problem:
>
> Currently the image-inspector only supports scanning a version of RHEL. It
> can be configured with either a RHEL 5, 6 or 7 version number. Expand the
> image-inspector configuration capability to allow it to be configured to
> scan CentOS versions also.

Jack, as far as I know this is not supported by OpenSCAP at the moment (there is no official CentOS CVE feed to consume). I think you should start by requesting this from the OpenSCAP team and maintainers of the CVE feeds.
Hi Federico,

The oscap tool itself takes the Source DataStream file, for example ssg-rhel7-ds.xml, as input. My understanding is users can and do customize these files even for RHEL. If you simply allowed the image-inspector to take the entire Source DataStream file as input rather than just the RHEL version number it would give the image-inspector the flexibility to support what the underlying oscap tool supports and account for the possibility that the RHEL file name format could change. So the enhancement would not be CentOS specific.
Please assess the impact of this issue and update the severity accordingly. Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity for a reminder on each severity's definition. If it's something like a tracker bug where it doesn't matter, please set it to Low/Low.