ComplianceAsCode is used to generate an XML file containing the recommendations from many compliance guides. OpenSCAP uses that file to generate a report (how many recommendations did we apply?) and a patch (automatically apply unapplied recommendations).
This is a project that includes Compliance as Code Loader and Compliance as Code as submodules.
You will need to have Docker and Docker Compose installed on your system. To get started with this project, follow these steps:
- Clone the repository
- You can initialize and update the submodules with the following commands:
git submodule init
git submodule update
- You can navigate to the loader and content directories to work on them individually.
- Navigate to the project's root directory in your terminal.
- Run the following command to start the Docker container defined in the docker-compose.yml file:
docker compose up -d
docker attach $(docker compose ps -q)
Once you are done working, run the following command to stop the Docker container:
docker compose down
The Compliance as Code project is in content. You're only supposed to edit the files in loader, which are merged into content. See the Loader README for usage instructions.
This reduces the complexity of updating content, as it changes often and merges are quite a hassle. Moreover, this reduces the complexity of manipulating CAC.
Reminder: content; do not commit them.
Inside the Docker container, run these commands only once:
cd content
source .pyenv.sh
Then, each time you merge your files into Compliance As Code:
./utils/after_merge.sh
./build_product <your_product_name> -j $(nproc)
Once you have your XML, refer to the OpenSCAP documentation to use it.
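To answer the "how many recommendations did we apply?" question from a scan, the following added example (not part of this project or of OpenSCAP) tallies the rule results in an XCCDF 1.2 results document. The sample document and its rule ids are constructed, and counting pass and fixed as "applied" is an assumption of this example.

```python
import xml.etree.ElementTree as ET
from collections import Counter

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"
NS = {"x": XCCDF_NS}

# Constructed sample of an XCCDF results document (rule ids are placeholders).
SAMPLE_RESULTS = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.example_benchmark_SAMPLE">
  <TestResult id="xccdf_org.example_testresult_sample">
    <rule-result idref="xccdf_org.example_rule_a" severity="medium"><result>pass</result></rule-result>
    <rule-result idref="xccdf_org.example_rule_b" severity="low"><result>pass</result></rule-result>
    <rule-result idref="xccdf_org.example_rule_d" severity="medium"><result>fail</result></rule-result>
    <rule-result idref="xccdf_org.example_rule_c" severity="high"><result>fail</result></rule-result>
    <rule-result idref="xccdf_org.example_rule_e" severity="low"><result>notapplicable</result></rule-result>
    <rule-result idref="xccdf_org.example_rule_f" severity="low"><result>notselected</result></rule-result>
    <rule-result idref="xccdf_org.example_rule_g" severity="medium"><result>fixed</result></rule-result>
  </TestResult>
</Benchmark>
"""

APPLIED = {"pass", "fixed"}                 # assumption: both count as applied
NOT_APPLIED = {"fail", "error", "unknown"}  # evaluated, but not in place
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "unknown": 3}


def summarize(xml_text):
    """Tally rule results and list unapplied rules, most severe first."""
    root = ET.fromstring(xml_text)
    counts = Counter()
    unapplied = []
    for rule in root.iter("{%s}rule-result" % XCCDF_NS):
        result = rule.findtext("x:result", default="unknown", namespaces=NS).strip()
        counts[result] += 1
        if result in NOT_APPLIED:
            unapplied.append((rule.get("idref"), rule.get("severity", "unknown")))
    unapplied.sort(key=lambda item: (SEVERITY_ORDER.get(item[1], 3), item[0]))
    applied = sum(counts[r] for r in APPLIED)
    evaluated = applied + sum(counts[r] for r in NOT_APPLIED)
    # notapplicable / notselected / notchecked rules are excluded from the ratio
    ratio = applied / evaluated if evaluated else 0.0
    return {"counts": dict(counts), "applied": applied,
            "evaluated": evaluated, "ratio": ratio, "unapplied": unapplied}


if __name__ == "__main__":
    summary = summarize(SAMPLE_RESULTS)
    print("%d/%d recommendations applied" % (summary["applied"], summary["evaluated"]))
    for rule_id, severity in summary["unapplied"]:
        print("  unapplied [%s] %s" % (severity, rule_id))
```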