Hi,

I am trying to find the oval definition files for scanning fedora systems using openscap for identifying the cve related vulnerabilities.

Here is the link - ‘https://oval.cisecurity.org/repository/download’ which i found but it does not contain the definition files for latest versions of fedora server and also some of the xml files seems to contain no cve definition entries in them based on which scan is done.

Here is one for redhat - ‘Security Data - /oval/v2/’. Something similar i am looking for fedora servers

please suggest.

Thanks
Sudhir

How are these files made available there? Does CIS generate them or does someone else provide them with the information?

(I’ve not heard of anything in the community about generating and uploading these, ever in my >10 years here)

yes looks like these definitions are generated and maintained by the cissecurity.