Click here and fill out the form to receive an invite to the Open Cybersecurity Alliance slack instance, then join the #scapv2_prototype channel, to meet and discuss usage with the team.
Click here to view an introduction video on this project and the use cases it solves for.
The SCAPv2 Prototype project is an effort to create an open-source prototype implementation of the SCAPv2 data collection architecture. This project has two main goals:
- To experiment and validate designs before codified in an architecture standard
- To work towards providing an example implementation in order to support the future testing of compliant vendor products.
The project supports dummy message flows through the architecture, in support of key use cases. Additional information is available in doc.
The Security Content Automation Protocol (SCAP) is a super-standard that is publshed by NIST (NIST SP 800-126), comprised of a number of referenced component standards maintained by NIST as well as other groups. The primary use cases of SCAP surround automated enterprise security assessment, vulnerability and patch management, configuration assessment, and software inventory.
SCAPv2 is an effort that began in late 2018 to create the next major iteration of the SCAP standard, in support of several key goals:
- To support continuous monitoring of enterprise assets, rather than just-in-time
- To expand the SCAP focus to all enterprise assets including cloud, mobile, IoT etc, rather than only focusong on traditional endpoints
- To standardize interoperable architectural components, rather than just be a data format standard
Development on the SCAPv2 standard itself occurs in several open public working groups.
Docker, OpenDXL broker and client
See INSTALL
We are thrilled you are considering contributing! We welcome all contributors.
Participation is expected to be consistent with the Code of Conduct, the licenses, and the acceptance of our individual Contributor License Agreement, generally at the time of first contribution.
Please read our guidelines for contributing.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.