Skip to content
Please note that GitHub no longer supports your web browser.

We recommend upgrading to the latest Google Chrome or Firefox.

Learn more

/openscap

NIST Certified SCAP 1.2 toolkit
scap xccdf oval cpe compliance openscap scanning data-stream
XSLT C Shell CMake Python Rich Text Format Other
  1. XSLT 69.4%
  2. C 23.9%
  3. Shell 4.7%
  4. CMake 0.5%
  5. Python 0.5%
  6. Rich Text Format 0.3%
  7. Other 0.7%
Branch: maint-1.3
Find File
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Download ZIP

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching Xcode...

If nothing happens, download Xcode and try again.

Launching Visual Studio...

If nothing happens, download the GitHub extension for Visual Studio and try again.

@yuumasato
yuumasato Merge pull request #1389 from isimluk/remove-my-code-again 
Remove duplicate case in a switch (xslt:choose)
Latest commit f6f9767 Aug 1, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Added GitHub issue template Jun 15, 2018
Dockerfiles Add Dockerfile for testing MITRE tests Aug 14, 2018
build Add .gitkeep file to build directory Nov 14, 2017
cmake Don't shout about pthread when configuring May 25, 2018
compat Clean up oscap_platforms.h Sep 14, 2018
cpe Merge branch 'maint-1.2' into maint-1.3 Jul 22, 2019
dist Move OVAL probe_handler to private API Aug 9, 2018
docs Merge branch 'maint-1.2' into maint-1.3 Jul 22, 2019
release_tools Bump version after release Jun 13, 2019
schemas Merge branch 'maint-1.2' into maint-1.3 May 28, 2019
src Merge pull request #1385 from evgenyz/selinux-context Jul 26, 2019
swig Add cmake policies (CMP0078 and CMP0086) related to UseSWIG with OLD … May 23, 2019
tests Merge branch 'maint-1.2' into maint-1.3 Jul 22, 2019
utils Merge pull request #1386 from evgenyz/oscap-vm Jul 26, 2019
xsl Remove duplicate case in a switch (xslt:choose) Jul 30, 2019
.gitignore Remove Python 2 SWIG bindings from .gitignore Jun 19, 2018
.pep8speaks.yml Added 99-width PEP8 config. Apr 20, 2018
.travis.yml Remove --graphviz from TRAVIS CI for MacOS Mar 12, 2019
AUTHORS Add V. Batts into Authors. Jan 15, 2018
CMakeLists.txt Merge pull request #1352 from ignatenkobrain/rpm-4.15 Jul 19, 2019
COPYING * create fedora specfile Jan 16, 2009
NEWS Fix year Jun 18, 2019
README.md Add Travis CI Badge Jul 12, 2018
appveyor.yml Add maint-1.3 to Appveyor Oct 9, 2018
config.h.in Add HAVE_RPMVERIFYFILE to config.h.in Jul 15, 2019
lgpl-2.1.rtf Add RTF version of the GNU LGLP 2.1 license May 18, 2018
libopenscap.pc.in Do not populate the full version to pkgconfig file Aug 9, 2018
oscap_wrapper.in Fixed comments. Jun 12, 2019
run.in
sonar-project.properties Removed coverage tracking. Jan 18, 2019
wix_patch.xml Generate Windows MSI installer May 18, 2018

README.md

OpenSCAP

Build status Build Status

Open Source Security Compliance Solution

About

The oscap program is a command line tool that allows users to load, scan, validate, edit, and export SCAP documents.

Contributing

We welcome all contributions to the OpenSCAP project. If you would like to contribute, either by fixing existing issues or adding new features, please check out our contribution guide to get started. If you would like to discuss anything, ask questions, or if you need additional help getting started, you can either send a message to our FreeNode IRC channel, #openscap, or to our mailing list.

Use cases

SCAP Content Validation

  • The following example shows how to validate a given source data stream; all components within the data stream are validated (XCCDF, OVAL, OCIL, CPE, and possibly other components):
oscap ds sds-validate scap-ds.xml

Scanning

  • To evaluate all definitions within the given OVAL Definition file, run the following command:
oscap oval eval --results oval-results.xml scap-oval.xml

where scap-oval.xml is the OVAL Definition file and oval-results.xml is the OVAL Result file.

  • To evaluate all definitions from the OVAL component that are part of a particular data stream within a SCAP data stream collection, run the following command:
oscap oval eval --datastream-id ds.xml --oval-id xccdf.xml --results oval-results.xml scap-ds.xml

where ds.xml is the given data stream, xccdf.xml is an XCCDF file specifying the OVAL component, oval-results.xml is the OVAL Result file, and scap-ds.xml is a file representing the SCAP data stream collection.

  • To evaluate a specific profile in an XCCDF file run this command:
oscap xccdf eval --profile Desktop --results xccdf-results.xml --cpe cpe-dictionary.xml scap-xccdf.xml

where scap-xccdf.xml is the XCCDF document, Desktop is the selected profile from the XCCDF document, xccdf-results.xml is a file storing the scan results, and cpe-dictionary.xml is the CPE dictionary.

  • To evaluate a specific XCCDF benchmark that is part of a data stream within a SCAP data stream collection run the following command:
oscap xccdf eval --datastream-id ds.xml --xccdf-id xccdf.xml --results xccdf-results.xml scap-ds.xml

where scap-ds.xml is a file representing the SCAP data stream collection, ds.xml is the particular data stream, xccdf.xml is ID of the component-ref pointing to the desired XCCDF document, and xccdf-results.xml is a file containing the scan results.

Document generation

  • without XCCDF rules
oscap xccdf generate guide XCCDF-FILE > XCCDF-GUIDE-FILE
  • with XCCDF rules
oscap xccdf generate guide --profile PROFILE XCCDF-FILE > XCCDF-GUIDE-FILE
  • generate report from scanning
oscap xccdf generate report XCCDF-RESULT-FILE > XCCDF-REPORT-FILE
You can’t perform that action at this time.