Check only security updates


Hi, I would like to check only missing security updates from Windows (2K8, 2K12,2K16) and Linux servers (Ubuntu,Debian, Amazon, RHEL).
I checked the windows-patch-baseline and linux-patch-baseline but this profiles get all patches (not only security).
Is there a way to get this information ?
Other question:
Is it possible to integrate inspec with grafana?


@mcm that is a great idea and we should add this to the dev-sec baseline. We could create a control that verifies that all security patches are installed. Would you like to open a PR?


Sure, How should I proceed ?


First, we need to identify all the cli calls to get the list of the security updates, similar to what you see here Once we have that, we can extend the InSpec resource to return a list of security packages. Its best to open tickets with your findings in and