Questions regarding the 'informational' status

[yu410621]

Dear Maintainers,

I have some questions regarding the informational status defined in our status classification:

// utils/compare_results.py: 24

class Status:
    PASS = "pass"
    FAIL = "fail"
    ERROR = "error"
    NOT_CHECKED = "notchecked"
    NOT_SELECTED = "notselected"
    NOT_APPLICABLE = "notapplicable"
    INFORMATION = "informational"  # <-- Focus of inquiry

Could you help clarify the intended use cases for the informational status? Specifically:

Under what circumstances should a rule return this status?

Are there existing implementation examples in the codebase demonstrating its proper usage?

For a rule implementation that:
Performs no actual compliance checks

Serves purely to provide advisory/hint information in reports
Would using the informational status be appropriate? If yes:

Are there specific conventions we should follow when implementing such informational rules?

Should these rules follow the same structure as standard compliance checks while omitting validation logic?

Thank you for your guidance. I want to ensure proper adherence to our status taxonomy when implementing informational reporting features.

[yu410621]

Maybe I didn't express myself clearly, what I wanted to ask was

|Informational
|The rule was checked, but the output from the checking engine is simply information for auditors or administrators; it is not a compliance category. This status value is designed for rules whose main purpose is to extract information from the target rather than test the target.

Can you help me find an example to help me understand what the informational result means?

Thanks!

[Mab879]

The information status/severity (in this project you set the rule severity to informational so that when scan using the content is ran you get an information result) rules are rarely used and have various levels of support across the ecosystem.

It really shouldn't used for anything. It is here to the comply with the XCCDF and OVAL specifications.

One use case that I can think of would something like an "Manual" check in the CIS benchmarks. You can use the scanner to collect data and then manually review it. However, this behavior isn't consistent among integrations into OpenSCAP so I wouldn't recommend it.

As far as what an informational result means. It means that human will need to figure out the final compliance state of that given rule.

[yu410621]

Your response is clear and professional — thank you very much.
I will further verify whether the 'informational' status is truly needed in my case.