About the OVAL Repository

The transition and subsequent removal of MITRE's OVAL Repository may potentially cause issues with links in the documentation below. Please refer to more current documentation available at ovalproject.github.io.

The OVAL Repository is the central meeting place for the OVAL Community to discuss, analyze, store, and disseminate OVAL Definitions, which are standardized, machine-readable tests written in the OVAL Language. Other Repositories in the community also host OVAL content, which can include OVAL System Characteristics files and OVAL Results files as well as definitions.

The documents below explain the OVAL Repository in more detail.

Basics

OVAL Repository Overview

Provides an overview of the OVAL Repository, explains how the community participates by writing and submitting OVAL Definitions, and provides a link to the OVAL Repository’s "Statement of CVE Compatibility."

OVAL Forum Discussion Archives

Archive of community discussions regarding new and previously posted OVAL Repository content.

Tracking Changes

Details the seven stages of the OVAL Definition lifecycle and the process for tracking revisions to content in the OVAL Repository.

Top Contributor Awards

The OVAL Repository Top Contributor Award Program grants awards on a quarterly basis to the top contributors to the OVAL Repository. Awards are posted for the current year as well as for past years.

Other Repositories of OVAL Content

Descriptions of and links to other known publicly accessible OVAL repositories.

Submitting Content

OVAL Author’s Resources

Gathers documents and tools for authoring content in the OVAL Language into a single location. Included are prerequisites, instructional documents, useful tools, and how to obtain further assistance.

Challenges of Writing OVAL Definitions

Describes the skill set required for authoring OVAL Definitions, of which knowledge of the OVAL Language itself is only a small part. Also explained is how the underlying research necessary to sufficiently understand a known good or bad system state is a challenge that is independent of OVAL, but that by providing a standard format for describing it OVAL significantly helps software vendors and researchers by providing a baseline for them to collaborate in investigating the detailed system information that is needed.

Writing an OVAL Definition

Instructions for writing OVAL Definitions in the OVAL Language.

Authoring Style Guide

A living document detailing the stylistic decisions that have been made for OVAL Language content including definitions, tests, objects, states, and variables.

Submission Guidelines

Guidelines for submitting OVAL vulnerability, compliance, inventory, and patch definitions to the OVAL Repository.

Test Content

OVAL Test Content

A set of OVAL Definitions that provides a simple way to test the capability of OVAL Definition Evaluators. After running the OVAL Test Content through an OVAL Definition Evaluator, the OVAL Results will show you which tests are properly supported by that tool. This allows unit testing of tools against the language. Developers may use this content to help guide the development of new tools, users may use this content as part of their evaluation of competing products, and content authors may use the content as a reference for writing new content.

Back to top

Page Last Updated: February 09, 2016