Uploaded image for project: 'Insights Experiences'
  1. Insights Experiences
  2. HMS-9407

Enable BSI SCAP profile in RHEL 9 and what next?

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • Image Builder
    • None
    • Enable BSI SCAP profile in RHEL 9 and what next?
    • To Do
    • image-builder-1
    • 0% To Do, 33% In Progress, 67% Done
    • False

      This epic has been created based on discussion with thozza@redhat.com and on https://redhat-internal.slack.com/archives/C0235DZB0DT/p1757064170836629

      The point is that currently list of SCAP profiles which are available through Osbuild seems to be hardcoded.
      References:
      https://github.com/osbuild/images/blob/main/data/distrodefs/distros.yaml
      https://github.com/osbuild/images/blob/9f28896f96e04c8e00967737c0f41867a03aaf37/pkg/customizations/oscap/oscap.go#L17

      This epic should track two things:
      1. Update the osbuild so that in 9.7 zeroday there ships a version which allows this profile to be selected?
      2. Establish a process or find a solution so that we do not meet this surprise in the future. I assume we can inform you in advance of new profiles, since you have rapid cadence of releases. Or the allowlist should be removed all together.

              gzuccare@redhat.com Gianluca Zuccarelli
              vpolasek@redhat.com Vojtech Polasek
              None
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: