
Tool for identifying the most used rules

Open Honny1 opened this issue 1 year ago • 11 comments

Description:

This PR adds a subcommand profile_tool.py that generates a list of rules with the number of uses in profiles in different formats.

Rationale:

It is known that many rules are common among profiles so we can infer that much less than 1825 rules are in fact used for RHEL, but we are including thousands of rules in the data stream because we don't know exactly what is needed or not.

We have many rules without Ansible remediation, some rules without Bash remediation and some few rules without OVAL check. It is great to close the gaps, but it would be smart to prioritize the most used rules.

It is hard to identify these most used rules and consequently optimize our efforts.

Review Hints:

To generate a list of the most used rules in the rhel9 benchmark you can run this command:

    $ ./build_product rhel9
    $ ./build-scripts/profile_tool.py most-used-rules build/ssg-rhel9-xccdf.xml

Or you can run this command to get info about the whole project:

    $ ./build-scripts/profile_tool.py most-used-rules

Depends on: #11438

Honny1 avatar Jan 10 '24 11:01 Honny1
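
The counting idea described in the post above, as an added example that is not the PR's code or the project's implementation: it counts, for each rule in an XCCDF 1.2 benchmark, how many profiles select it, and lists the most used first. The sample benchmark and its ids are constructed, and the sketch assumes profile inheritance (`extends`) is already resolved in the input and that the file is a locally built, trusted data stream.

```python
import xml.etree.ElementTree as ET
from collections import Counter

XCCDF12 = "http://checklists.nist.gov/xccdf/1.2"  # XCCDF 1.2 namespace
NS = {"x": XCCDF12}

# Constructed sample benchmark; the ids are made up, not project rules.
SAMPLE_XCCDF = """\
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_demo">
  <Profile id="xccdf_example_profile_p1">
    <select idref="xccdf_example_rule_sshd" selected="true"/>
    <select idref="xccdf_example_rule_audit" selected="true"/>
    <select idref="xccdf_example_rule_banner" selected="true"/>
  </Profile>
  <Profile id="xccdf_example_profile_p2">
    <select idref="xccdf_example_rule_sshd" selected="true"/>
    <select idref="xccdf_example_rule_audit" selected="true"/>
    <select idref="xccdf_example_rule_banner" selected="false"/>
  </Profile>
  <Profile id="xccdf_example_profile_p3">
    <select idref="xccdf_example_rule_sshd" selected="true"/>
  </Profile>
  <Rule id="xccdf_example_rule_sshd" selected="false"/>
  <Rule id="xccdf_example_rule_audit" selected="false"/>
  <Rule id="xccdf_example_rule_banner" selected="false"/>
  <Rule id="xccdf_example_rule_unused" selected="false"/>
</Benchmark>
"""

def count_rule_usage(xccdf_text):
    """Return [(rule_id, number_of_profiles_selecting_it)], most used first."""
    root = ET.fromstring(xccdf_text)
    rule_ids = {r.get("id") for r in root.iter(f"{{{XCCDF12}}}Rule")}
    usage = Counter(dict.fromkeys(rule_ids, 0))  # keep unused rules visible
    for profile in root.iter(f"{{{XCCDF12}}}Profile"):
        # A set, so a rule listed twice in one profile still counts once.
        chosen = {s.get("idref") for s in profile.findall("x:select", NS)
                  if s.get("selected") in ("true", "1")}
        usage.update(chosen & rule_ids)  # ignore selects that target Groups
    # Descending by count; the rule id breaks ties so the output is stable.
    return sorted(usage.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for rule_id, count in count_rule_usage(SAMPLE_XCCDF):
        print(f"{count}\t{rule_id}")
```

Rules that end up with a count of 0 are shipped in the benchmark but selected by no profile, which is the gap the rationale above is concerned with.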

Skipping CI for Draft Pull Request. If you want CI signal for your change, please convert it to an actual PR. You can still manually trigger a test run with /test all

openshift-ci[bot] avatar Jan 10 '24 11:01 openshift-ci[bot]

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment Open in Gitpod

Oracle Linux 8 Environment Open in Gitpod

github-actions[bot] avatar Jan 10 '24 11:01 github-actions[bot]

@Honny1 It would be great to sort the output by the count of the rules.

jan-cerny avatar Jan 10 '24 11:01 jan-cerny

@jan-cerny The rules are listed in descending order.

Honny1 avatar Jan 10 '24 12:01 Honny1

@Honny1 It doesn't sort for me

jan-cerny avatar Jan 10 '24 13:01 jan-cerny

@jan-cerny Fixed!

Honny1 avatar Jan 10 '24 13:01 Honny1

now it sorts for me, thanks

jan-cerny avatar Jan 10 '24 13:01 jan-cerny

@Honny1, I saw the changes in https://github.com/ComplianceAsCode/content/pull/11438 are also incorporated here. Did I miss any change there but not here?

marcusburghardt avatar Jan 12 '24 10:01 marcusburghardt

@marcusburghardt Yes, the changes from #11438 should be incorporated into this PR. I will rebase on the master after merging #11438.

Honny1 avatar Jan 12 '24 11:01 Honny1

/packit build

jan-cerny avatar Feb 06 '24 10:02 jan-cerny

:robot: A k8s content image for this PR is available at: ghcr.io/complianceascode/k8scontent:11439

If you already have Compliance Operator deployed: utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:11439

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and: CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:11439 make deploy-local

github-actions[bot] avatar Feb 28 '24 14:02 github-actions[bot]

Code Climate has analyzed commit 18bfd532 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 83.3% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.8% (2.0% change).

View more on Code Climate.

qlty-cloud-legacy[bot] avatar Feb 28 '24 17:02 qlty-cloud-legacy[bot]

/packit retest-failed

Honny1 avatar Feb 29 '24 08:02 Honny1