[OVAL DEVELOPER] Schema proposal for Docker

Martin Preisler mpreisle at redhat.com
Fri Aug 12 10:44:06 EDT 2016

----- Original Message -----
> From: "William Munyan" <William.Munyan at cisecurity.org>
> To: "David Solin" <solin at jovalcm.com>
> Cc: "oval developer" <oval_developer at lists.cisecurity.org>, "Oval" <oval at cisecurity.org>
> Sent: Thursday, August 11, 2016 2:31:33 PM
> Subject: Re: [OVAL DEVELOPER] Schema proposal for Docker
> David,
> The shell command stuff and SUSE should have been removed as part of the
> commits/pull requests etc….  I had a request to separate out the SUSE, Shell
> Command stuff so I removed them.  It is very possible I did something wrong
> via Git, but the only files in the PR should pertain to Docker.

Hi Bill,

thanks for your proposal, it looks very interesting. I am also working on a
container proposal and there is a lot of overlap. I suggest we work together
to fulfill all the use-cases.

My PR with notes: https://github.com/OVALProject/Sandbox/pull/147

I also provided some notes in the PR you submitted:

My main use-case is being able to generate container image CVE feeds similar
to what is done with RPM or DPKG CVE feeds today. For that I need to query
container labels and container signatures via OVAL.

I am on PTO, I will be back at the end of August to provide more feedback
and patches to your XSD :-)

Martin Preisler
Identity Management and Platform Security | Red Hat, Inc.


More information about the OVAL_Developer mailing list