oscap-scan-and-upload.yml

---
- name: OpenSCAP Scan and Upload Data
  hosts: web
  become: True
  gather_facts: False
  
  tasks:
    - name: Upload scan results to cloud.redhat.com
      command: insights-client --compliance
      ignore_errors: yes

# - name: OpenSCAP Scan and Upload Data
#   hosts: web
#   become: True
#   gather_facts: False
#   vars:
#     oscap_profile: xccdf_org.ssgproject.content_profile_standard
#     oscap_policy: ssg-rhel7-ds
#     scan_results: /tmp/scan.xml
  
#   tasks:
#     - name: Clean up any previous scan results
#       file:
#         name: /tmp/scan.xml
#         state: absent

#     - name: Run OpenSCAP scan
#       command: oscap xccdf eval \
#         --profile {{ oscap_profile }} \
#         --results {{ scan_results }} \
#         /usr/share/xml/scap/ssg/content/{{ oscap_policy }}.xml
#       ignore_errors: yes

#     - name: Upload scan results to cloud.redhat.com
#       command: insights-client \
#         --verbose --payload {{ scan_results }} \
#         --content-type application/vnd.redhat.compliance.something+tgz