Properties of controls in agent-based scanning rules
The properties of a control are basic fields that identify a control and its severity.
- Control Name: a string that helps you quickly identify the control
- Severity: a number from 0.1 (lowest) to 10.0 (highest) that lets you determine how serious a control violation is considered in this rule. If you choose to create an issue when a control is violated, the severity of the failed control defines the severity of the issue. Severities appear on lists of issues to make them easier to rank.
- Severity is different from a vulnerability risk (CVSS) score. However, if you wish to use the CVSS score as the severity for vulnerability issues, you can set that option. See
Descriptor.
- Severity is different from a vulnerability risk (CVSS) score. However, if you wish to use the CVSS score as the severity for vulnerability issues, you can set that option. See
- Level: there are two levels
- Error: A level of
errormeans that a non-zero will be returned, which can be used (for example, by CI build scripts) to break a build. The exact value of the exit code depends on the severity of all controls which were violated. See note below for more details. - Warning: A level of
warningwill return an exit code of0which can be used to allow the build to continue. - To determine the exit code for a scan, enter
echo $?in the CLI after the scan concludes. If0is returned, that means no controls of levelerrorwere violated. If a number greater than0is returned, that means a control of levelerrorwas violated, and the number reflects the highest-severity control that was violated, rounded to the nearest integer.
- Error: A level of