At the moment, it is unclear to users which CaC rules use variables, what the defaults are and how to tune them. For example https://bugzilla.redhat.com/show_bug.cgi?id=1969813 was not really a compliance operator or a content bug per se, but it shows that without us pointing out the variables, it is really hard for users to see them or take them into account.

We should make variables more exposed and easier to use.

Potential ideas (unfleshed):

• crawl the datastream, check which rules' OVAL uses which variables and expose those variables in the rule or even the checkresult CR. That way exploring the rules would show the variables. We could even have a printable column that says "variables: yes/no" to give out a clue
• low-tech: mention the variable names in the OCIL/description of the rule
• ...something else?

Acceptance criteria:

• evaluate how displaying the relation between the variables and the rules that use them fits into Vincent's existing work and whether it can be handled at the same time