Hello everyone,
I am new to scap project. I played with OVAL long time ago. I remember OVAL
was able to output a list of CVEs with true or false status indicating if
there is a vulnerability or not within the target system. However, while I
am playing with scap, I can not see such list in the report.html. Instead,
I can only see succeed or failed tests against certain properties. And only
vectors like CCE, CWE are mentioned in the outcome report. Is there any
option I can use to create a CVE only report?
Thanks a lot!
--
Su Zhang