Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2025-03-02 14:27:12 +00:00
Code Issues Projects Releases Packages Wiki Activity

Edits and adding to website menu

Browse source 
Signed-off-by: Mary Jinglewski <mjinglewski@chef.io>
This commit is contained in:
Mary Jinglewski 2019-09-26 16:55:43 -04:00
parent 6e220d0310
commit be5e8d0a33
2 changed files with 15 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
docs/waivers.md
View file

@ -1,20 +1,20 @@
# Waivers (Beta) # Waivers (beta)
Waivers is a mechanism to mark controls as "waived" for various reasons Waivers is a mechanism to mark controls as "waived" for various reasons, and to control the running and/or reporting of those controls.
and to control the running and/or reporting of those controls. It It uses a YAML input file that identifies:
takes a YAML input file that identifies which controls are waived,
(optionally) whether they should be skipped from running, a description of why it
is waived, and (optionally) an expiration date for the waiver.
NOTE: This mechanism is currently in beta and is ultimately meant to be 1. which controls are waived
ingested and maintained by Chef Automate UI. 2. (optionally) whether they should be skipped from running
3. a description of why it is waived
4. (optionally) an expiration date for the waiver
NOTE: This mechanism is currently in beta and is ultimately meant to be ingested and maintained by Chef Automate UI.
## Usage ## Usage
To use waivers, you must have a correctly formatted input file and To use waivers, you must have a correctly formatted input file and
invoke `inspec exec` with `--waiver-file [path]`. Currentlty, waiver results are invoke `inspec exec` with `--waiver-file [path]`.
only reported with the JSON reporter type, so you must also have Currently, waiver results are only reported with the JSON reporter type, so you must also include `--reporter json` in your command, which can be seen in the following example. This may change in the future.
`--reporter json`. This may change in the future.
``` ```
% inspec exec --waiver-file waivers.yaml --reporter json -- path/to/profile % inspec exec --waiver-file waivers.yaml --reporter json -- path/to/profile
@ -22,11 +22,9 @@ only reported with the JSON reporter type, so you must also have
## File Format ## File Format
Waiver files are [input files](inputs.html "inputs files") with a Waiver files are [input files](https://www.inspec.io/docs/reference/inputs/) with a specific format:
specific format:
```yaml ```yaml
control_id:
expiration_date: YYYY-MM-DD expiration_date: YYYY-MM-DD
skip: true skip: true
justification: "reason for waiving this control" justification: "reason for waiving this control"
@ -38,7 +36,7 @@ control_id:
+ `justification` can be any text you want and might include a reason + `justification` can be any text you want and might include a reason
as well as who signed off on the waiver. as well as who signed off on the waiver.
### Example: ### Examples:
```yaml ```yaml
waiver_control_1_2_3: waiver_control_1_2_3:
@ -50,5 +48,3 @@ xccdf_org.cisecurity.benchmarks_rule_1.1.1.4_Ensure_mounting_of_hfs_filesystems_
justification: "This might be a bug in the test. @qateam" justification: "This might be a bug in the test. @qateam"
skip_run: true skip_run: true
# ... and so on ...
```

2
www/data/docs_sidebar.yml
View file

@ -46,3 +46,5 @@ sidebar_links:
link: "/docs/reference/habitat.html" link: "/docs/reference/habitat.html"
- title: Migration from Serverspec - title: Migration from Serverspec
link: "/docs/reference/migration.html" link: "/docs/reference/migration.html"
- title: Waivers (beta)
link: "/docs/reference/waivers.html"