Skip to content

jonathancaruso/scap-dashboard

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
static
static
 
 
templates
templates
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Run-SCAPDaily.ps1
Run-SCAPDaily.ps1
 
 
app.py
app.py
 
 
requirements.txt
requirements.txt
 
 
start_dashboard.ps1
start_dashboard.ps1
 
 

Repository files navigation

SCAP Reports Dashboard

A web-based dashboard for browsing and analyzing SCAP (Security Content Automation Protocol) compliance reports.

Features

  • Computer Overview: View all computers with their latest scan scores and summary statistics
  • Report Browsing: Browse all reports for each computer, sorted by date
  • Detailed Analysis: View comprehensive details for each report including:
    • Benchmark information
    • Compliance scores
    • Rule results with pass/fail status
    • Severity levels
    • CCI identifiers
    • Detailed messages
  • Search & Filter: Search computers and filter rule results
  • Download Reports: Download raw XML report files

Installation

Prerequisites

  • Python 3.x
  • PowerShell (for running scripts)
  • SCAP Compliance Checker (for generating reports)

Setup

  1. Clone the repository:
git clone https://github.com/jonathancaruso/scap-dashboard.git
cd scap-dashboard
  1. Install dependencies (optional - the startup script will do this automatically):
python -m venv venv
.\venv\Scripts\Activate.ps1
pip install -r requirements.txt

Usage

Starting the Dashboard

Recommended: Use the PowerShell startup script (handles virtual environment and dependencies automatically):

.\start_dashboard.ps1

Alternative: Manual startup:

.\venv\Scripts\Activate.ps1
python app.py

The dashboard will be available at: http://localhost:5000

Generating SCAP Reports

The Run-SCAPDaily.ps1 script is designed to be distributed and run on each system that needs to be scanned for SCAP compliance. Each system runs the script locally to generate its own compliance reports.

Deployment:

  1. Copy Run-SCAPDaily.ps1 to each target system that will run SCAP scans
  2. Ensure SCAP Compliance Checker is installed on each system
  3. Configure the script parameters as needed for your environment
  4. Schedule the script to run (e.g., via Task Scheduler for daily scans)

Running the Script:

On each target system, execute:

.\Run-SCAPDaily.ps1

Script Parameters (optional):

  • -CsccPath: Path to SCAP Compliance Checker executable (default: C:\Program Files\SCAP Compliance Checker 5.12.1\cscc.exe)
  • -CentralContentDir: Path to SCAP content/benchmark folder (read-only, typically a network share)
  • -CentralReportsRoot: Output directory for reports (default: .\SCAP-Reports\Windows)
    • Can be a local path or network share where reports should be collected
  • -BenchmarkId: Specific benchmark ID to use (optional, will auto-detect if not specified)
  • -GenerateHtmlReport: Generate HTML reports in addition to XML (default: $true)

Example:

.\Run-SCAPDaily.ps1 -CentralReportsRoot "\\server\share\SCAP-Reports\Windows" -GenerateHtmlReport $true

Reports will be saved to SCAP-Reports\Windows\[ComputerName]\ directory (local or network path as specified). The dashboard server should have access to this location to display the reports.

Project Structure

scap-dashboard/
├── app.py                    # Flask backend application
├── requirements.txt          # Python dependencies
├── start_dashboard.ps1      # PowerShell script to start the dashboard
├── Run-SCAPDaily.ps1         # PowerShell script for generating SCAP reports
├── templates/
│   └── index.html           # Main dashboard HTML
├── static/
│   ├── style.css            # Dashboard styling
│   └── app.js               # Frontend JavaScript
└── SCAP-Reports/            # SCAP report storage (gitignored)
    └── Windows/
        └── [ComputerName]/
            └── *.xml        # SCAP report files

API Endpoints

  • GET / - Main dashboard page
  • GET /api/computers - List all computers with their reports
  • GET /api/report/<computer>/<filename> - Get detailed report information
  • GET /api/report/<computer>/<filename>/download - Download raw XML report

Configuration

The dashboard automatically scans the SCAP-Reports/Windows/ directory for reports. Each computer should have its own subdirectory containing XML report files.

Report Generation

The Run-SCAPDaily.ps1 script handles:

  • Automatic benchmark detection
  • Content synchronization from central repository
  • Report generation with timestamps
  • Logging of scan operations
  • HTML report generation (optional)

Reports are organized by computer hostname and timestamp, making it easy to track compliance over time.

Notes

  • The dashboard parses XCCDF (eXtensible Configuration Checklist Description Format) XML files
  • Reports are automatically sorted by modification date (newest first)
  • Scores are displayed as percentages based on the default scoring system
  • Rule results are color-coded: Green (pass), Red (fail), Gray (not applicable), Orange (not checked)

About

Web dashboard for SCAP compliance reports with STIG categorization, system info, and rule filtering. Built with Flask.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages