lab5-vuln-mgmt — Offline Vulnerability Management
An ACAS/Tenable.sc-style vulnerability management toolchain for RHEL 9 environments where the internet is not a given. OpenSCAP scans feed a SQLite store mapped against NIST 800-53. Stdlib Python only — no pip at runtime.
Built for the constraint that defines a lot of real DoD environments: the machine doesn’t get to call out to PyPI.
Scans run via OpenSCAP, parse into SQLite, and map findings against NIST 800-53 controls. The XLSX exporter is hand-rolled because openpyxl isn’t on the box. The reporting web UI is a custom HTTP server for the same reason. Triage decisions append to an audit log instead of mutating state.
Nothing here is exotic — but every piece had to work without an outbound connection, and that constraint shaped every decision.