Replies: 2 comments
-
Usually vulnerability information is distributed directly directly from the OS vendor. For example Ubuntu uses the OVAL feeds at https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2. |
Beta Was this translation helpful? Give feedback.
0 replies
-
As Matthew mentioned, vulnerability data is distributed directly by the vendors. The project here is not about vulnerability data, but instead about security benchmarks, like CIS, STIG and so on. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I want to use openSCAP to scan operating system vulnerabilities, but it is a new operating system. I hope to contribute the vulnerability information released by this operating system to our project. How should I do this?
Beta Was this translation helpful? Give feedback.
All reactions