A list for people interested in developing the OVAL language.View all threads
let me resend a message that originally arrived about three weeks ago,
but HTTP links were rewritten to a form that wasn't useful at all. Big
thanks Steve Grubb for notifying me about the issue and to Adam
Montville for fixing it!
So let me present a tool that I have heard many to request in the past -
the interactive visualizer of OVAL results .
Have you ever encountered a rule that has more than one level of
criteria in its OVAL definition? Or a rule that makes use of
Of course you had encountered such rules.
And what do you do when a scan of such a complex rule passes or fails
The answer to that question probably got much simpler - you can use the
open-source, cross-platform oval-graph CLI tool .
This command consumes the rule name (or regular expression of thereof)
and the ARF file, which is one of the possible standardized formats for
SCAP-compatible scanner results. And then it generates a visualization
that pops up in a web browser.
The OVAL as Graph project  is easy to install on Python3 systems
using the standard pip Python package manager. An RPM package also
exists for Fedora  and the EPEL repository.
We have tested the tool with the OpenSCAP scanner, but it should be
compatible with other scanners as well - give it a shot and reach back
You can read more on Compliance As Code Blog , where you can leave
comments, and we also look forward to pull request or issues that you
can open in the repository .