I realize that the various compliance scans are only available in the Professional Edition, but I am wondering if there is a way to create my own compliance audits?
When I currently use the Community Edition to create a new Compliance Policy it gives me a basic policy that is made up of vulnerabilities - which is obviously not a compliance scan.
I would like to create my own scan that performs compliance scanning - for example, it can do what Nessus can do and determine if there is a minimum password length set on a host.
Is this possible and if so where I can learn to do this? The documentation doesn’t seem to answer this and I cannot use the professional edition.
I have found another similar topic but that just points to the professional edition, and I was hoping to create my own true compliance scans that are not doing vulnerability scans but checking the configuration of a system?
Truly appreciate any guidance on this topic - if there is an open-source set of compliance scans for GVM that would be great.