Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-23 13:13:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

Edits and adding to website menu

Browse source 
Signed-off-by: Mary Jinglewski <mjinglewski@chef.io>
This commit is contained in:
Mary Jinglewski 2019-09-26 16:55:43 -04:00
parent 6e220d0310
commit be5e8d0a33
2 changed files with 15 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
docs/waivers.md
View file

@ -1,20 +1,20 @@
# Waivers (Beta)
# Waivers (beta)
Waivers is a mechanism to mark controls as "waived" for various reasons
and to control the running and/or reporting of those controls. It
takes a YAML input file that identifies which controls are waived,
(optionally) whether they should be skipped from running, a description of why it
is waived, and (optionally) an expiration date for the waiver.
Waivers is a mechanism to mark controls as "waived" for various reasons, and to control the running and/or reporting of those controls.
It uses a YAML input file that identifies:
NOTE: This mechanism is currently in beta and is ultimately meant to be
ingested and maintained by Chef Automate UI.
1. which controls are waived
2. (optionally) whether they should be skipped from running
3. a description of why it is waived
4. (optionally) an expiration date for the waiver
NOTE: This mechanism is currently in beta and is ultimately meant to be ingested and maintained by Chef Automate UI.
## Usage
To use waivers, you must have a correctly formatted input file and
invoke `inspec exec` with `--waiver-file [path]`. Currentlty, waiver results are
only reported with the JSON reporter type, so you must also have
`--reporter json`. This may change in the future.
invoke `inspec exec` with `--waiver-file [path]`.
Currently, waiver results are only reported with the JSON reporter type, so you must also include `--reporter json` in your command, which can be seen in the following example. This may change in the future.
```
% inspec exec --waiver-file waivers.yaml --reporter json -- path/to/profile
@ -22,11 +22,9 @@ only reported with the JSON reporter type, so you must also have
## File Format
Waiver files are [input files](inputs.html "inputs files") with a
specific format:
Waiver files are [input files](https://www.inspec.io/docs/reference/inputs/) with a specific format:
```yaml
control_id:
expiration_date: YYYY-MM-DD
skip: true
justification: "reason for waiving this control"
@ -38,7 +36,7 @@ control_id:
+ `justification` can be any text you want and might include a reason
as well as who signed off on the waiver.
### Example:
### Examples:
```yaml
waiver_control_1_2_3:
@ -50,5 +48,3 @@ xccdf_org.cisecurity.benchmarks_rule_1.1.1.4_Ensure_mounting_of_hfs_filesystems_
justification: "This might be a bug in the test. @qateam"
skip_run: true
# ... and so on ...
```

2
www/data/docs_sidebar.yml
View file

@ -46,3 +46,5 @@ sidebar_links:
link: "/docs/reference/habitat.html"
- title: Migration from Serverspec
link: "/docs/reference/migration.html"
- title: Waivers (beta)
link: "/docs/reference/waivers.html"