The current scaffolding works really well.
Improvements and rearchitecting the current scaffolding would allow for greater flexibility, visibility and customization in profile use and reporting.
- Every profile is a Habitat artifact
- Every profile/artifact can be run stand-alone as a once-off run, or as a service with all the benefits of package subscription and automatic updating that Habitat provides
- Every profile employed in a scan is reported separately (specified individually on the
inspec execcommand line)
- Leverage Habitat for profile dependencies
Nice to have
- Maintain the list of profiles to be run in a single location
- Minimal (if any) changes required to existing Inspec profiles
- We need to retain the ability to modify profiles (eg: Setting custom scores)
- we need to ensure waivers are intelligently managed either in-artifact, or injectable some time later (during run, with configuration?)
- Potentially use inputs to define scores/custom values, with defaults in the profile itself.