openscap
by
OpenSCAP

Description: NIST Certified SCAP 1.2 toolkit

View on GitHub ↗

Summary Information

Updated 38 minutes ago
Added to GitGenius on September 1st, 2021
Created on April 29th, 2014
Open Issues & Pull Requests: 64 (+0)
Number of forks: 441
Total Stargazers: 1,758 (+0)
Total Subscribers: 69 (+0)

Issue Activity (beta)

Open issues: 48
New in 7 days: 0
Closed in 7 days: 0
Avg open age: 912 days
Stale 30+ days: 48
Stale 90+ days: 45

Recent activity

Opened in 7 days: 0
Closed in 7 days: 0
Comments in 7 days: 1
Events in 7 days: 5

Top labels

  • stale (120)
  • bug (96)
  • enhancement (55)
  • help wanted (54)
  • triaged (31)
  • 1.2 (28)
  • content (28)
  • windows (27)

Most active issues this week

Repository Insights (GitGenius)

Median issue/PR response: 15.2 days
Mean response time: 402.4 days
90th percentile: 1332.8 days
Tracked items: 129

Most active contributors

Detailed Description

OpenSCAP is an open source security compliance solution that implements the NIST Certified SCAP 1.2 toolkit. The project provides the oscap command line tool, which enables users to load, scan, validate, edit, and export SCAP documents. The toolkit supports multiple SCAP components including XCCDF, OVAL, OCIL, CPE, and data streams, making it a comprehensive solution for security compliance assessment and management.

The primary language of the repository is XSLT, reflecting its focus on document processing and transformation within the SCAP ecosystem. The project is classified across multiple security and compliance domains including configuration management, benchmarking, vulnerability assessment, policy automation, and auditing. Its topic tags explicitly cover scap, compliance, cpe, data-stream, oval, scanning, xccdf, and openscap, indicating the breadth of SCAP-related functionality it addresses.

OpenSCAP supports several key use cases in security compliance workflows. For SCAP content validation, the tool can validate all components within a data stream including XCCDF, OVAL, OCIL, and CPE elements. For scanning operations, users can evaluate OVAL definitions from standalone files or from OVAL components within data streams, evaluate specific profiles in XCCDF files, and evaluate specific XCCDF benchmarks that are part of data stream collections. The tool also supports document generation capabilities, allowing users to generate reports both with and without XCCDF rules and to generate reports from scanning results.

The project maintains active development with tracked issue and pull request activity showing a median response latency of 365.3 hours across 129 items, though mean latency is significantly higher at 9656.6 hours, suggesting occasional delays on complex issues. The most active issue labels are triaged with 31 occurrences, content with 10, and bug with 8, indicating a focus on issue categorization and content-related work. The most active contributors tracked by GitGenius are evgenyz with 155 events, Mab879 with 101 events, and jan-cerny with 31 events, showing concentrated maintainer involvement in the project's development.

The repository has connections to other major open source projects through overlapping contributors, with links identified to microsoft/vscode, microsoft/typescript, and rust-lang/rust, suggesting cross-pollination of development practices and expertise. The project explicitly welcomes contributions and provides comprehensive documentation including a user manual, developer manual, and contribution guide. Community engagement is facilitated through an IRC channel at libera.chat #openscap and a mailing list. It is worth noting that official Microsoft Windows support was discontinued as of February 1, 2022, reflecting a shift in platform support priorities. The project is maintained at www.open-scap.org and represents a significant open source effort in the security compliance and SCAP tooling space.

openscap
by
OpenSCAPOpenSCAP/openscap

Repository Details

Fetching additional details & charts...