/openscap_report.html
+----
+
+
+== Rudder Webapp integration
+
+With the Rudder plugin `Node external reports` which allows to add external, static documents and reports in a new tab in the `node details` webpage, this plugin will display the reports directly in the web interface.
+A compatible configuration file is distributed with the `OpenSCAP-report` plugin, you can find it in `/var/rudder/packages/rudder-plugin-openscap-report/node-external-reports.properties`
+
+The complete documentation of the `Node-external-reports` plugin is available https://docs.rudder.io/reference/5.0/plugins/node-external-reports.html#_documents_naming_convention[here].
diff --git a/openscap-report/build.conf b/openscap-report/build.conf
new file mode 100644
index 000000000..bda6db59d
--- /dev/null
+++ b/openscap-report/build.conf
@@ -0,0 +1,30 @@
+#
+# This file defines the release information about the plugin like
+# its version and its ABI compability.
+#
+# So version are not managed in pom.xml (safe for parent-pom version,
+# which can't be a parameter, and must be equals to rudder-branch here)
+#
+
+# Unique identifier of the plugin
+plugin-name=openscap-report
+# the full name is derived from rudder-plugin-name
+plugin-fullname=rudder-plugin-${plugin-name}
+
+# Human readable short/title descrption (used for one line text)
+plugin-title-description="""OpenSCAP audits managed by Rudder"""
+"""
+
+# WEB, HTML description.
+plugin-web-description=OpenSCAP audits managed by Rudder
+
+# Plugin version. It is build as follow: A.B-x.y(.z) with:
+# - A.B: Rudder major.minor
+# - x.y(.z): plugin major.minor.micro. Micro should be omitted. When omitted, z is assumed to be 0.
+# For the build, we split the information between two properties, rudder branch and plugin version,
+# which must be concaneted with "-" to build the plugin version.
+plugin-branch=0.1
+
+# rudder branch comes from parent
+plugin-version=${rudder-branch}-${plugin-branch}
+
diff --git a/openscap-report/configuration-repository/ncf/50_techniques/plugin_openscap_report/plugin_openscap_report.cf b/openscap-report/configuration-repository/ncf/50_techniques/plugin_openscap_report/plugin_openscap_report.cf
new file mode 100644
index 000000000..a449e9453
--- /dev/null
+++ b/openscap-report/configuration-repository/ncf/50_techniques/plugin_openscap_report/plugin_openscap_report.cf
@@ -0,0 +1,25 @@
+# @name plugin_openscap_report
+# @description This technique will trigger an openscap audit every hour on the agent.
+# @version 1.0
+# @parameter {"id": "0bad6c1e-59c9-44ca-a935-210af4188643", "name": "profile", "constraints": {"allow_whitespace_string": false, "allow_empty_string": false, "max_length": 16384}}
+# @parameter {"id": "182dffe7-4310-4e01-bdd0-3f7db8272e2f", "name": "scap_file", "constraints": {"allow_whitespace_string": false, "allow_empty_string": false, "max_length": 16384}}
+
+bundle agent plugin_openscap_report(profile, scap_file)
+{
+ methods:
+ "Schedule Simple_context_${report_data.directive_id}_0" usebundle => _method_reporting_context("Schedule Simple", "openscap");
+ "Schedule Simple" usebundle => schedule_simple("openscap", "5", "5", "0", "10", "15", "1", "0", "1", "0", "nodups"),
+ ifvarclass => concat("any");
+ "Package present_context_${report_data.directive_id}_1" usebundle => _method_reporting_context("Package present", "openscap-scanner");
+ "Package present" usebundle => package_present("openscap-scanner", "", "", ""),
+ ifvarclass => concat("any");
+ "Package present_context_${report_data.directive_id}_2" usebundle => _method_reporting_context("Package present", "scap-security-guide");
+ "Package present" usebundle => package_present("scap-security-guide", "", "", ""),
+ ifvarclass => concat("any");
+ "run scan Openscap_context_${report_data.directive_id}_3" usebundle => _method_reporting_context("run scan Openscap", "oscap xccdf eval --profile ${profile} --report /var/rudder/tmp/openscap_report.html ${scap_file}");
+ "run scan Openscap" usebundle => command_execution_result("oscap xccdf eval --profile ${profile} --report /var/rudder/tmp/openscap_report.html ${scap_file}", "0,2", "254"),
+ ifvarclass => concat("any.(schedule_simple_openscap_repaired)");
+ "send report to server_context_${report_data.directive_id}_4" usebundle => _method_reporting_context("send report to server", "report.html");
+ "send report to server" usebundle => sharedfile_to_node("root", "report.html", "/var/rudder/tmp/openscap_report.html", "1d"),
+ ifvarclass => concat("any");
+}
diff --git a/openscap-report/configuration-repository/techniques/plugin_openscap_report/category.xml b/openscap-report/configuration-repository/techniques/plugin_openscap_report/category.xml
new file mode 100644
index 000000000..68eef0d4f
--- /dev/null
+++ b/openscap-report/configuration-repository/techniques/plugin_openscap_report/category.xml
@@ -0,0 +1,22 @@
+
+
+
+ OpenSCAP-report
+
+ Contains techniques from the OpenSCAP-report plugin.
+
+
diff --git a/openscap-report/packaging/metadata b/openscap-report/packaging/metadata
new file mode 100644
index 000000000..6d4b04803
--- /dev/null
+++ b/openscap-report/packaging/metadata
@@ -0,0 +1,11 @@
+{
+ "type": "plugin",
+ "name": "${plugin-id}",
+ "version": "${plugin-version}",
+ "build-date": "${maven.build.timestamp}",
+ "build-commit": "${commit-id}",
+ "content": {
+ "files.txz": "/var/rudder/configuration-repository",
+ "external-report.txz": "/var/rudder/packages/rudder-plugin-openscap-report"
+ }
+}
diff --git a/openscap-report/packaging/postinst b/openscap-report/packaging/postinst
new file mode 100755
index 000000000..274fbe610
--- /dev/null
+++ b/openscap-report/packaging/postinst
@@ -0,0 +1,16 @@
+#!/bin/bash
+set -x
+
+# Import Ansible Technique
+FOLDERS="ncf/50_techniques/plugin_openscap_report techniques/plugin_openscap_report techniques/ncf_techniques"
+cd /var/rudder/configuration-repository/
+git reset
+for folder in $FOLDERS
+do
+ chown -R ncf-api-venv:rudder $folder
+ chmod 664 -R $folder
+ chmod -R +X $folder
+ git add $folder
+done
+git commit -m "OpenSCAP-report plugin installation"
+rudder server reload-techniques
diff --git a/openscap-report/packaging/prerm b/openscap-report/packaging/prerm
new file mode 100755
index 000000000..4e0f6990e
--- /dev/null
+++ b/openscap-report/packaging/prerm
@@ -0,0 +1,18 @@
+#!/bin/bash
+set -x
+
+# Import Ansible Technique
+NAME=plugin_openscap_report
+FOLDERS="ncf/50_techniques techniques dsc/ncf/50_techniques techniques/ncf_techniques"
+cd /var/rudder/configuration-repository/
+git reset
+for folder in $FOLDERS
+do
+ git rm -r $folder/$NAME
+done
+git commit -m "OpenSCAP-report plugin uninstallation"
+# need to be run 2 times to be updated, first one will fail
+# TODO #16053
+rudder server reload-techniques || /bin/true
+rudder server reload-techniques
+
diff --git a/openscap-report/src/node-external-reports.properties b/openscap-report/src/node-external-reports.properties
new file mode 100644
index 000000000..fdd66c739
--- /dev/null
+++ b/openscap-report/src/node-external-reports.properties
@@ -0,0 +1,29 @@
+#
+#
+#
+
+#The name of the tab in node details for report.
+#Must be non empty
+plugin.node-external-reports.tab-name=External Reports
+
+
+#
+# Configure several reports.
+# Value must be enclosed with "" only
+# if the string contains "@"
+#
+# The reports will appear sorted alpha-numerically
+# by key, so you can force order by prefixing with
+# a number.
+#
+plugin.node-external-reports.reports {
+
+ 04_openscap= {
+ title=Openscap report
+ description=This report display OS information
+ dirname="/var/rudder/shared-files/root/files/@@node@@"
+ filename="openscap_report.html"
+ content-type=text/html
+ }
+
+}