Integrating with OpenRMF® Professional

With version 2.6, we have introduced the OpenRMF® Professional API for automating uploads, extracting information, and using it as a data source for your RMF and FedRAMP information.

Integration Using the API

OpenRMF® Professional is not just another data silo. You can use it as a data source for integration into other applications, reports, CI/CD processes, DevSecOps processes and dashboards as well!

The common uses of the OpenRMF® Professional API are uploading SCAP XCCDF XML files and CKL checklist files, along with the .nessus exports of Nessus/ACAS patch scans. But there are many more uses beyond automating your scans and auto-uploading for continuous monitoring.

We have some code examples in our public GitHub repo that use curl and python3 scripts to perform some of the following:

  • Uploading SCAP XCCDF *.xml files in a directory
  • Getting your System Package record
  • Listing your System Package Checklists
  • Downloading the raw CKL file
  • Downloading the hardware, software, PPSM and POAM as .xlsx files
  • Pulling your checklist vulnerability score
  • Pulling your patch vulnerability score

Example Grafana Dashboard

We have an example Grafana dashboard that shows how to use the APIs to track checklist and patch vulnerabilities, with an automatic refresh set.

OpenRMF Professional System Package Grafana Dashboard