Open
Conversation
New react base page for scheduling the scap scan
…ap policy is selected
admd
force-pushed
the
scap-enhancements
branch
from
3b9cf91 to
d4cfc18
Compare
…o see why it's failing in CI but not locally Replace TAILORING_FILES_DIR and SCAP_CONTENT_DIR with
admd
requested review from
agraul,
bisht-richa,
mcalmer,
parlt91 and
rjmateus
and removed request for
a team and
nadvornik
Contributor
Author
|
@agraul can you please review the two sls files and change in susemanager.conf file about new file root. |
admd
force-pushed
the
scap-enhancements
branch
from
7b79c4e to
b678fcf
Compare
rjmateus
previously approved these changes
Feb 6, 2026
Member
rjmateus
left a comment
rjmateus
left a comment
There was a problem hiding this comment.
I only saw a subset of it, but it looks good to me.
bisht-richa
reviewed
Feb 10, 2026
Contributor
bisht-richa
left a comment
bisht-richa
left a comment
There was a problem hiding this comment.
It would be great if you could share screenshots of the new pages.
I noticed btn-success is used in several places. Could we update those to btn-default or btn-primarty to keep the styling consistent?
You can refer to the Storybook button guidelines here:https://mlm-ref-head-server.mgr.suse.de/rhn/manager/storybook?tab=buttons
Contributor
Author
Thank you Richa for taking a look. I have attached the screenshots now. I will go through the Storybook button guidelines and make the adjustments if needed. |
There was a problem hiding this comment.
Pull request overview
This PR introduces a modernized, beta-enabled SCAP auditing integration for the platform. The key change is a shift from requiring SCAP content to exist on minions beforehand to a centralized model where content is managed and transferred from the Salt master at runtime.
Changes:
- Added user-level beta features toggle to enable/disable the new SCAP integration
- Introduced centralized SCAP content, tailoring file, and policy management through the WebUI
- Implemented "SCAP Policies" as reusable audit configurations with support for recurring scheduled scans
- Added remediation application and custom remediation saving capabilities
Reviewed changes
Copilot reviewed 134 out of 135 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| web/spacewalk-web.changes.abid.scap-enhancements | Changelog for beta feature flag and SCAP redesign |
| web/html/src/manager/systems/ssm/audit/schedule-scap-scan-ssm.tsx | SSM SCAP scan scheduling UI component |
| web/html/src/manager/systems/index.ts | Registered SSM audit scheduling module |
| web/html/src/manager/shared/menu/menu.tsx | Added beta badge rendering to menu items |
| web/html/src/manager/recurring/recurring-actions.tsx | Added betaEnabled flag for recurring actions |
| web/html/src/manager/recurring/recurring-actions-edit.tsx | Added SCAP Policy picker for recurring actions |
| web/html/src/manager/recurring/recurring-actions-details.tsx | Added SCAP Policy display in action details |
| web/html/src/manager/minion/index.ts | Registered minion audit scheduling modules |
| web/html/src/manager/minion/audit/schedule-scap-scan.tsx | Minion SCAP scan scheduling UI |
| web/html/src/manager/minion/audit/audit-common.css | Styles for SCAP scan and rule result UI |
| web/html/src/manager/audit/scap/scap-policy-details.css | Styles for SCAP policy details page |
| web/html/src/manager/audit/scap/list-tailoring-files.tsx | UI for managing tailoring files |
| web/html/src/manager/audit/scap/list-scap-policies.tsx | UI for managing SCAP policies |
| web/html/src/manager/audit/scap/list-scap-content.tsx | UI for managing SCAP content |
| web/html/src/manager/audit/scap/create-tailoring-file.tsx | UI for creating/editing tailoring files |
| web/html/src/manager/audit/scap/create-scap-content.tsx | UI for uploading SCAP content |
| web/html/src/manager/audit/index.ts | Registered audit module routes |
| web/html/src/components/policies-picker.tsx | Policy selection component for recurring actions |
| web/html/src/components/input/text/Text.tsx | Added required field support |
| web/html/src/components/input/text-area/TextArea.tsx | Added required field support |
| web/html/src/components/ComplianceBadge.tsx | Badge component for compliance percentage display |
| web/html/src/branding/css/base/theme.scss | Beta badge styling |
| web/html/src/branding/css/base/mixins.scss | Empty addition (whitespace) |
| web/html/src/branding/css/base/components/nav.scss | Beta feature tab styling |
| susemanager-utils/susemanager-sls/susemanager-sls.changes.abid.scap-enhancements | Changelog for Salt states |
| susemanager-utils/susemanager-sls/scap/xccdf-resume.xslt.in | Added remediation extraction from XCCDF |
| susemanager-utils/susemanager-sls/scap/xccdf-profiles.xslt.in | XSLT for extracting profiles from XCCDF |
| susemanager-utils/susemanager-sls/salt/scap_beta/scan.sls | Salt state for SCAP scanning with file transfer |
| susemanager-utils/susemanager-sls/salt/scap_beta/remediation.sls | Salt state for applying SCAP remediation |
| spacewalk/setup/spacewalk-setup.changes.abid.scap-enhancements | Changelog for setup changes |
| spacewalk/setup/salt/susemanager.conf | Added SCAP content file root |
| schema/spacewalk/upgrade/.../003-add_scap_policy_id_to_action_scap.sql | Migration to link actions to policies |
| schema/spacewalk/upgrade/.../002-create-scap-tables.sql | Migration to create SCAP entities |
| schema/spacewalk/upgrade/.../001-rhnUserInfo-beta-features.sql | Migration to add beta features flag |
| schema/spacewalk/susemanager-schema.changes.abid.scap-enhancements | Schema changelog |
| schema/spacewalk/common/tables/tables.deps | Updated table dependencies |
| schema/spacewalk/common/tables/suseXccdfRulefix.sql | Rule remediation table definition |
| schema/spacewalk/common/tables/suseXccdfRuleFixCustom.sql | Custom remediation table definition |
| schema/spacewalk/common/tables/suseScapTailoringFile.sql | Tailoring file table definition |
| schema/spacewalk/common/tables/suseScapPolicy.sql | SCAP policy table definition |
| schema/spacewalk/common/tables/suseScapContent.sql | SCAP content table definition |
| schema/spacewalk/common/tables/suseRecurringScapPolicy.sql | Recurring SCAP policy table definition |
| schema/spacewalk/common/tables/rhnUserInfo.sql | Added beta features enabled column |
| schema/spacewalk/common/tables/rhnActionScap.sql | Added policy ID foreign key |
| java/webapp/src/main/webapp/WEB-INF/struts-config.xml | Added betaFeaturesEnabled form property |
| java/webapp/src/main/webapp/WEB-INF/pages/common/fragments/user/preferences.jspf | Beta features preference UI |
| java/webapp/src/main/webapp/WEB-INF/pages/common/fragments/audit/rule-common-columns.jspf | Added remediate button for beta mode |
| java/webapp/src/main/webapp/WEB-INF/nav/system_detail.xml | Added beta schedule tab |
| java/webapp/src/main/webapp/WEB-INF/nav/ssm.xml | Added beta audit scheduling |
| java/spacewalk-java.changes.abid.scap-enhancements | Java changelog |
| java/core/src/test/resources/.../xccdf-profiles.xslt.in | Test XSLT for profiles |
| java/core/src/test/resources/.../xccdf-resume.xslt.in | Test XSLT for resume (multiple files) |
| java/core/src/test/java/.../ScapManagerTest.java | Test for remediation extraction |
| java/core/src/main/resources/.../recurring-actions.jade | Added betaEnabled to template |
| java/core/src/main/resources/.../schedule-scap-scan.jade | SSM scan scheduling template |
| java/core/src/main/resources/.../recurring-actions.jade | Multiple templates with betaEnabled |
| java/core/src/main/resources/.../schedule-scap-scan.jade | Minion scan scheduling template |
| java/core/src/main/resources/.../rule-result-detail.jade | Rule result detail template |
| java/core/src/main/resources/.../scap-policy-details.jade | Policy details template |
| java/core/src/main/resources/.../list-tailoring-files.jade | Tailoring files list template |
| java/core/src/main/resources/.../list-scap-policies.jade | Policies list template |
| java/core/src/main/resources/.../list-scap-content.jade | Content list template |
| java/core/src/main/resources/.../create-tailoring-file.jade | Tailoring file form template |
| java/core/src/main/resources/.../create-scap-policy.jade | Policy form template |
| java/core/src/main/resources/.../create-scap-content.jade | Content form template |
| java/core/src/main/resources/.../StringResource_en_US.xml | Multiple i18n string additions |
| java/core/src/main/resources/.../scap_queries.xml | SQL queries for policy compliance |
| java/core/src/main/java/.../TailoringFileJson.java | DTO for tailoring files |
| java/core/src/main/java/.../ScapScanScheduleJson.java | DTO for scan scheduling |
| java/core/src/main/java/.../ScapPolicyScanHistory.java | DTO for policy scan history |
| java/core/src/main/java/.../ScapPolicyResponseJson.java | DTO for policy responses |
| java/core/src/main/java/.../ScapPolicyJson.java | DTO for policy data |
| java/core/src/main/java/.../ScapPolicyComplianceSummary.java | DTO for compliance summary |
| java/core/src/main/java/.../ScapContentJson.java | DTO for SCAP content |
| java/core/src/main/java/.../RecurringActionDetailsDto.java | Added policies field |
| java/core/src/main/java/.../AuditScanScheduleJson.java | DTO for audit scan scheduling |
| java/core/src/main/java/.../ScapUtils.java | Utility for SCAP parameter building |
| java/core/src/main/java/.../MenuTree.java | Beta features menu logic |
| java/core/src/main/java/.../MenuItem.java | Beta badge support for menu items |
| java/core/src/main/java/.../MultipartRequestUtil.java | File upload helper utilities |
| java/core/src/main/java/.../RecurringActionController.java | Added SCAP policy support |
| java/core/src/main/java/.../MinionController.java | Added betaEnabled to templates |
| java/core/src/main/java/.../CustomRemediationJson.java | DTO for custom remediation |
| java/core/src/main/java/.../ApplyRemediationJson.java | DTO for applying remediation |
| java/core/src/main/java/.../Router.java | Registered SCAP audit controller |
| java/core/src/main/java/.../RecurringActionJob.java | SCAP policy job execution |
| java/core/src/main/java/.../RecurringActionManager.java | Added SCAP policy type |
| java/core/src/main/java/.../Rule.java | XML bean for SCAP rules |
| java/core/src/main/java/.../BenchmarkResume.java | Updated XML bean for benchmark |
| java/core/src/main/java/.../BenchMark.java | XML bean for benchmark data |
| java/core/src/main/java/.../ScapManager.java | Added profile extraction and remediation |
| java/core/src/main/java/.../ActionManager.java | Added policy ID support for actions |
| java/core/src/main/java/.../TailoringFileSerializer.java | XML-RPC serializer |
| java/core/src/main/java/.../ScapPolicySerializer.java | XML-RPC serializer |
| java/core/src/main/java/.../ScapContentSerializer.java | XML-RPC serializer |
| java/core/src/main/java/.../NavNode.java | Added CSS class support |
| java/core/src/main/java/.../NavDigester.java | Parse CSS class from XML |
| java/core/src/main/java/.../DialognavRenderer.java | Auto-detect beta features |
| java/core/src/main/java/.../UserPrefSetupAction.java | Load beta features preference |
| java/core/src/main/java/.../UserPrefAction.java | Save beta features preference |
| java/core/src/main/java/.../XccdfDetailsAction.java | Added user to request |
| java/core/src/main/java/.../XccdfSearchAction.java | Added user to request |
| java/core/src/main/java/.../UserInfo.java | Added betaFeaturesEnabled field |
| java/core/src/main/java/.../UserImpl.java | Implemented beta features methods |
| java/core/src/main/java/.../User.java | Beta features interface methods |
| java/core/src/main/java/.../RecurringScapPolicy.java | Entity for recurring SCAP policies |
| java/core/src/main/java/.../RecurringActionType.java | Added SCAPPOLICY type |
| java/core/src/main/java/.../XccdfTestResult.java | Fixed sequence allocation |
| java/core/src/main/java/.../XccdfRuleFixCustom.java | Entity for custom remediations |
| java/core/src/main/java/.../XccdfRuleFix.java | Entity for rule remediations |
| java/core/src/main/java/.../TailoringFile.java | Entity for tailoring files |
| java/core/src/main/java/.../ScriptType.java | Enum for remediation script types |
| java/core/src/main/java/.../ScapPolicy.java | Entity for SCAP policies |
| java/core/src/main/java/.../ScapContent.java | Entity for SCAP content |
| java/core/src/main/java/.../ScapActionDetails.java | Added scapPolicyId field |
| java/core/src/main/java/.../ScapAction.java | Beta mode file transfer implementation |
| java/core/src/main/java/.../SystemAclHandler.java | ACL for beta features check |
| java/core/src/main/java/.../AnnotationRegistry.java | Registered new entities |
| java/core/src/main/java/.../ConfigDefaults.java | SCAP XSLT config defaults |
Comments suppressed due to low confidence (1)
java/core/src/main/java/com/suse/manager/webui/utils/gson/AuditScanScheduleJson.java:1
- Corrected typo: 'audi' should be 'audit', and the comment should be on a single line.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR change?
The PR introduces a modernized approach to SCAP auditing within the platform.
Below are the key changes:
Introduction of Feature Flag
User-Level Beta Flag: A new beta_features_enabled flag has been added to the user preferences.
Uyuni uses user.getBetaFeaturesEnabled() to toggle between the legacy SCAP implementation and the new enhanced (beta) integration. More info about usage here
https://github.com/admd/uyuni/wiki/Beta-Features-Toggle-Implementation
Redesign of SCAP Integration (Beta Mode)
Master-to-Minion File Transfer: Unlike the legacy integration which required SCAP content to exist on the minion beforehand, the new design automatically transfers the required SCAP and tailoring files from the Salt master to the minion at runtime.
Consider the size of the Oval files, in order to user them, user still need to make sure they exist on the client already.
Centralized SCAP Management
SCAP Content Management: Users can now upload and manage SCAP DataStream and XCCDF files directly through the WebUI. These are stored centrally on the server .
Tailoring File Management: A dedicated UI for uploading and managing SCAP tailoring files
SCAP Policies
Introduction of "SCAP Policies," which allow users to define a reusable combination of SCAP content, a specific profile, and an optional tailoring file.
User can schedule them on recurrent basis to as it's now part of recurring actions.
User can now also apply remediation from the MLM or can save their own custom remediation if needed
Codespace
Check if you already have a running container clicking on
GUI diff
Schedule Audit
SSM
Systems
Tailoring Files
SCAP Content
SCAP Policies
Documentation
No documentation needed: add explanation. This can't be used if there is a GUI diff
No documentation needed: only internal and user invisible changes
Documentation issue was created: Link for SUSE Multi-Linux Manager contributors, Link for community contributors.
API documentation added: please review the Wiki page Writing Documentation for the API if you have any changes to API documentation.
(OPTIONAL) Documentation PR
DONE
Test coverage
ℹ️ If a major new functionality is added, it is strongly recommended that tests for the new functionality are added to the Cucumber test suite
No tests: add explanation
No tests: already covered
Unit tests were added
Cucumber tests were added
DONE
Links
Issue(s): #
Port(s): # add downstream PR(s), if any
Changelogs
Make sure the changelogs entries you are adding are compliant with https://github.com/uyuni-project/uyuni/wiki/Contributing#changelogs and https://github.com/uyuni-project/uyuni/wiki/Contributing#uyuni-projectuyuni-repository
If you don't need a changelog check, please mark this checkbox:
If you uncheck the checkbox after the PR is created, you will need to re-run
changelog_test(see below)Re-run a test
If you need to re-run a test, please mark the related checkbox, it will be unchecked automatically once it has re-run:
Before you merge
Check How to branch and merge properly!