Writing OVAL Content

Greg Elin edited this page Jul 20, 2015 · 20 revisions

SCAP-Security-Guide Authoring Conventions

Understanding the following conventions will make it easier to navigate the SCAP-Security-Guide repository and author SCAP content.

  • OVAL definitions are written as SSG source OVAL XML files using a shorthand syntax. This shorthand syntax is unique to SSG.
  • Each SSG source OVAL XML file defines one vulnerability assessment definition.
  • Each SSG source OVAL XML file is named for the vulnerability assessed, with words separated by underscores (example: accounts_password_pam_decredit.xml).
  • SSG source OVAL XML files are transformed into OVAL XML files during the SSG build process.
  • SSG source OVAL XML files applicable to a single version of software are located in the software's input/checks directory.
  • SSG source OVAL XML files applicable to multiple versions of software are located in the shared/oval directory.