Command line SCAP 1.2 toolkit for loading, scanning, validating, editing, and exporting security compliance documents
License: LGPL-2.1
Languages: XSLT, C, Shell

About OpenSCAP
OpenSCAP is a security compliance toolkit built around the oscap command-line tool. It loads, scans, validates, edits, and exports SCAP documents, letting administrators check systems against security baselines and turn the results into auditable reports.
It understands SCAP content such as XCCDF, OVAL, OCIL, and CPE data streams. Typical use validates a data stream, runs OVAL and XCCDF evaluations against a host, and renders the findings as HTML or other report formats for review and remediation tracking.
It pairs naturally with the ComplianceAsCode policy content, scanning Linux hosts against profiles like CIS, STIG, and PCI-DSS. It runs as a command-line program on Linux under the LGPL-2.1; official Windows support ended in 2022.
Key features
- Load, scan, validate, edit, and export SCAP documents
- Validate SCAP data streams with XCCDF, OVAL, OCIL, and CPE
- Run oval eval and xccdf eval against data streams
- Generate reports from XCCDF scan results
Details
- On GitHub since: 2014
- Platforms: Linux · CLI
- Deployment: self-hostable
- SCAP: 1.2 (XCCDF · OVAL · OCIL · CPE)
- Windows support: Ended in 2022
- License: LGPL-2.1
