Home > Blogs > VMware Security & Compliance Blog

VMware releases OVAL content editor open source project

Hello Everyone,

Today, VMware releases SCAP 1.3 draft spec compliant Open Source project for OVAL content editor. A couple of months back VMware released an SCAP compliance assessment and remediation app for FREE. The security and compliance community loved it and came back to us asking for an easier and simpler way to write OVAL assessment rules and generate XCCDF out of it instead of handcrafting the XMLs. We listened and responded!

This editor is a VMware Fling project and is derived from Enhanced SCAP Content Editor tool by G2, Inc.


VMware OVAL Editor

Major enhancements and features are:

  • Added support for OVAL 5.11.1 for Independent, Unix, Linux and Windows schemas (SCAP 1.3 draft spec now includes and approves OVAL 5.11.1 schema)
  • Added support for XCCDF 1.2 creation directly from OVAL file
  • Refreshed the tool with modern UI
  • Dropped broken capabilities from previous versions of the tool
  • Dropped obsolete schemas and all other seldom used features
  • Updated libraries to latest versions
  • Updated CPE version to 2.3
  • Restructured the code
  • Removed obsolete and unneeded libraries

So, don’t wait!

  1. Check out the documentation to get started.
  2. Get the bits and start authoring OVAL content right away.
  3. Contribute to the project and make it better.

I am looking forward to hearing from you.

Thanks and regards,
Pravin Goyal
RHCE | HP-UX CSA | VCP4-DCV | MBA | GISP | CloudU | CompTIA CE | ITIL-F | ITSM-F | CWNA | Mobility+ | VSP 2015

This entry was posted in Uncategorized and tagged , , , , , , , on by .
Pravin Goyal

About Pravin Goyal

Pravin Goyal is an information security and regulatory compliance expert in CMBU. He delivers and also leads various security projects such as security and compliance policies for PCI DSS 3.1, HIPAA, IRS, DISA, CIS, vSphere hardening guides and NSX hardening guides He loves to keep abreast of latest developments in the field and find compelling ideas to bring some additional business and profitability to VMware. Additionally, he believes in collaborating across BUs and Companies to deliver customer-facing solutions. Off late, he has authored CIS Docker 1.6 and CIS Docker 1.11.0 Security Configuration Benchmark, NSX-v 6.1 hardening guide and is a co-author of vSphere hardening guide. He is leading the STIG compliance project from CMBU. https://www.linkedin.com/in/pravin-goyal-b7299b33