Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details

All Projects → OpenSCAP → Openscap

OpenSCAP / Openscap

Licence: lgpl-2.1

NIST Certified SCAP 1.2 toolkit

Labels

compliance scanning

Projects that are alternatives of or similar to Openscap

lunasec

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Stars: ✭ 1,261 (+68.13%)

Mutual labels: compliance, scanning

Tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBoM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

Stars: ✭ 505 (-32.67%)

Mutual labels: compliance

Celerystalk

An asynchronous enumeration & vulnerability scanner. Run all the tools on all the hosts.

Stars: ✭ 333 (-55.6%)

Mutual labels: scanning

Symmetric Encryption

Symmetric Encryption for Ruby Projects using OpenSSL

Stars: ✭ 436 (-41.87%)

Mutual labels: compliance

Cloud Custodian

Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources

Stars: ✭ 3,926 (+423.47%)

Mutual labels: compliance

Ort

A suite of tools to assist with reviewing Open Source Software dependencies.

Stars: ✭ 446 (-40.53%)

Mutual labels: compliance

Rudder

Continuous Auditing & Configuration

Stars: ✭ 314 (-58.13%)

Mutual labels: compliance

Comply

Compliance automation framework, focused on SOC2

Stars: ✭ 596 (-20.53%)

Mutual labels: compliance

Multiscanner

Modular file scanning/analysis framework

Stars: ✭ 494 (-34.13%)

Mutual labels: scanning

Phoneinfoga

PhoneInfoga is one of the most advanced tools to scan international phone numbers using only free resources. It allows you to first gather standard information such as country, area, carrier and line type on any international phone number. Then search for footprints on search engines to try to find the VoIP provider or identify the owner.

Stars: ✭ 5,927 (+690.27%)

Mutual labels: scanning

Konan

Konan - Advanced Web Application Dir Scanner

Stars: ✭ 412 (-45.07%)

Mutual labels: scanning

Macos security

macOS Security Compliance Project

Stars: ✭ 348 (-53.6%)

Mutual labels: compliance

Android Scanner Compat Library

A compat library for Bluetooth Low Energy scanning on Android.

Stars: ✭ 462 (-38.4%)

Mutual labels: scanning

Ossec Hids

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

Stars: ✭ 3,580 (+377.33%)

Mutual labels: compliance

Opa

An open source, general-purpose policy engine.

Stars: ✭ 5,939 (+691.87%)

Mutual labels: compliance

Natlas

Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.

Stars: ✭ 333 (-55.6%)

Mutual labels: scanning

Zmap

ZMap is a fast single packet network scanner designed for Internet-wide network surveys.

Stars: ✭ 4,083 (+444.4%)

Mutual labels: scanning

Fossology

FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.

Stars: ✭ 440 (-41.33%)

Mutual labels: compliance

Gdpr Checklist

The GDPR Checklist

Stars: ✭ 655 (-12.67%)

Mutual labels: compliance

Scantron

A distributed nmap / masscan scanning framework complete with an API client for automation workflows

Stars: ✭ 542 (-27.73%)

Mutual labels: scanning

View All Similar Projects ➔

OpenSCAP

Open Source Security Compliance Solution

About

The oscap program is a command line tool that allows users to load, scan, validate, edit, and export SCAP documents.

Homepage of the project: www.open-scap.org
User Manual: OpenSCAP User Manual
Compilation, testing and debugging: OpenSCAP Developer Manual
For new contributors: How to contribute

Contributing

We welcome all contributions to the OpenSCAP project. If you would like to contribute, either by fixing existing issues or adding new features, please check out our contribution guide to get started. If you would like to discuss anything, ask questions, or if you need additional help getting started, you can either send a message to our FreeNode IRC channel, #openscap, or to our mailing list.

Use cases

SCAP Content Validation

The following example shows how to validate a given source data stream; all components within the data stream are validated (XCCDF, OVAL, OCIL, CPE, and possibly other components):

oscap ds sds-validate scap-ds.xml

Scanning

To evaluate all definitions within the given OVAL Definition file, run the following command:

oscap oval eval --results oval-results.xml scap-oval.xml

where scap-oval.xml is the OVAL Definition file and oval-results.xml is the OVAL Result file.

To evaluate all definitions from the OVAL component that are part of a particular data stream within a SCAP data stream collection, run the following command:

oscap oval eval --datastream-id ds.xml --oval-id xccdf.xml --results oval-results.xml scap-ds.xml

where ds.xml is the given data stream, xccdf.xml is an XCCDF file specifying the OVAL component, oval-results.xml is the OVAL Result file, and scap-ds.xml is a file representing the SCAP data stream collection.

To evaluate a specific profile in an XCCDF file run this command:

oscap xccdf eval --profile Desktop --results xccdf-results.xml --cpe cpe-dictionary.xml scap-xccdf.xml

where scap-xccdf.xml is the XCCDF document, Desktop is the selected profile from the XCCDF document, xccdf-results.xml is a file storing the scan results, and cpe-dictionary.xml is the CPE dictionary.

To evaluate a specific XCCDF benchmark that is part of a data stream within a SCAP data stream collection run the following command:

oscap xccdf eval --datastream-id ds.xml --xccdf-id xccdf.xml --results xccdf-results.xml scap-ds.xml

where scap-ds.xml is a file representing the SCAP data stream collection, ds.xml is the particular data stream, xccdf.xml is ID of the component-ref pointing to the desired XCCDF document, and xccdf-results.xml is a file containing the scan results.

Document generation

without XCCDF rules

oscap xccdf generate guide XCCDF-FILE > XCCDF-GUIDE-FILE

with XCCDF rules

oscap xccdf generate guide --profile PROFILE XCCDF-FILE > XCCDF-GUIDE-FILE

generate report from scanning

oscap xccdf generate report XCCDF-RESULT-FILE > XCCDF-REPORT-FILE

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 750

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (162) 🔗