--- # Copyright Red Hat, Inc. # All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # defaults file for compliance role cifmw_compliance_artifacts_basedir: "{{ cifmw_basedir }}/tests/compliance" cifmw_compliance_cleanup: true # A list of available profiles can be found using "oscap info /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml" # Example profiles are: stig, stig_gui, pci-dss, ospp, ism_o, hipaa, e8, cui, cis_workstation_l2, cis_workstation_l1, # cis_server_l1, cis, ccn_intermediate, ccn_basic, ccn_advanced, anssi_bp28_intermediary, anssi_bp28_high, anssi_bp28_enhanced cifmw_compliance_compute_profiles: - pci-dss - e8 - stig cifmw_compliance_compute_artifacts_basedir: "{{ ansible_user_dir ~ '/compliance-scans' }}" cifmw_compliance_dry_run: false cifmw_compliance_namespace: openshift-compliance cifmw_compliance_plugin_image: registry.redhat.io/compliance/oc-compliance-rhel8:stable cifmw_compliance_podman_registry: registry.redhat.io cifmw_compliance_scan_settings: cis: - ocp4-cis # - ocp4-cis-node e8: - ocp4-e8 - rhcos4-e8 high: - ocp4-high - ocp4-high-node - rhcos4-high moderate: - ocp4-moderate - ocp4-moderate-node - rhcos4-moderate nerc-cip: - ocp4-nerc-cip - ocp4-nerc-cip-node # - rhcos4-nerc-cip pci-dss: - ocp4-pci-dss - ocp4-pci-dss-node stig: - ocp4-stig - ocp4-stig-node - rhcos4-stig cifmw_compliance_scap_content_file: /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml cifmw_compliance_suites: - cis - e8 - high - moderate - nerc-cip - pci-dss - stig