mirror of
https://github.com/inspec/inspec
synced 2024-11-23 13:13:22 +00:00
Edits and adding to website menu
Signed-off-by: Mary Jinglewski <mjinglewski@chef.io>
This commit is contained in:
parent
6e220d0310
commit
be5e8d0a33
2 changed files with 15 additions and 17 deletions
|
@ -1,20 +1,20 @@
|
|||
# Waivers (Beta)
|
||||
# Waivers (beta)
|
||||
|
||||
Waivers is a mechanism to mark controls as "waived" for various reasons
|
||||
and to control the running and/or reporting of those controls. It
|
||||
takes a YAML input file that identifies which controls are waived,
|
||||
(optionally) whether they should be skipped from running, a description of why it
|
||||
is waived, and (optionally) an expiration date for the waiver.
|
||||
Waivers is a mechanism to mark controls as "waived" for various reasons, and to control the running and/or reporting of those controls.
|
||||
It uses a YAML input file that identifies:
|
||||
|
||||
NOTE: This mechanism is currently in beta and is ultimately meant to be
|
||||
ingested and maintained by Chef Automate UI.
|
||||
1. which controls are waived
|
||||
2. (optionally) whether they should be skipped from running
|
||||
3. a description of why it is waived
|
||||
4. (optionally) an expiration date for the waiver
|
||||
|
||||
NOTE: This mechanism is currently in beta and is ultimately meant to be ingested and maintained by Chef Automate UI.
|
||||
|
||||
## Usage
|
||||
|
||||
To use waivers, you must have a correctly formatted input file and
|
||||
invoke `inspec exec` with `--waiver-file [path]`. Currentlty, waiver results are
|
||||
only reported with the JSON reporter type, so you must also have
|
||||
`--reporter json`. This may change in the future.
|
||||
invoke `inspec exec` with `--waiver-file [path]`.
|
||||
Currently, waiver results are only reported with the JSON reporter type, so you must also include `--reporter json` in your command, which can be seen in the following example. This may change in the future.
|
||||
|
||||
```
|
||||
% inspec exec --waiver-file waivers.yaml --reporter json -- path/to/profile
|
||||
|
@ -22,11 +22,9 @@ only reported with the JSON reporter type, so you must also have
|
|||
|
||||
## File Format
|
||||
|
||||
Waiver files are [input files](inputs.html "inputs files") with a
|
||||
specific format:
|
||||
Waiver files are [input files](https://www.inspec.io/docs/reference/inputs/) with a specific format:
|
||||
|
||||
```yaml
|
||||
control_id:
|
||||
expiration_date: YYYY-MM-DD
|
||||
skip: true
|
||||
justification: "reason for waiving this control"
|
||||
|
@ -38,7 +36,7 @@ control_id:
|
|||
+ `justification` can be any text you want and might include a reason
|
||||
as well as who signed off on the waiver.
|
||||
|
||||
### Example:
|
||||
### Examples:
|
||||
|
||||
```yaml
|
||||
waiver_control_1_2_3:
|
||||
|
@ -50,5 +48,3 @@ xccdf_org.cisecurity.benchmarks_rule_1.1.1.4_Ensure_mounting_of_hfs_filesystems_
|
|||
justification: "This might be a bug in the test. @qateam"
|
||||
skip_run: true
|
||||
|
||||
# ... and so on ...
|
||||
```
|
||||
|
|
|
@ -46,3 +46,5 @@ sidebar_links:
|
|||
link: "/docs/reference/habitat.html"
|
||||
- title: Migration from Serverspec
|
||||
link: "/docs/reference/migration.html"
|
||||
- title: Waivers (beta)
|
||||
link: "/docs/reference/waivers.html"
|
||||
|
|
Loading…
Reference in a new issue