Other Repositories
Links to other known publicly accessible OVAL repositories are included below.
Altx-Soft
The Altx-Soft repository of OVAL content consists of OVAL Definitions imported from several sources. Created February 2012.
Repository: http://www.ovaldb.altx-soft.ru/
Debian Project
The Debian repository of OVAL content consists of OVAL Definitions that correspond to Debian security advisories. Created August 2010.
Repository: http://www.debian.org/security/oval/
IT Security Database
This site collects OVAL Definitions from sources such as the OVAL Repository, Red Hat, Suse, NVD, Apache, etc., and provides a unified, easy-to-use Web interface to all IT security related items about them including patches, vulnerabilities, and compliance checklists. Created: November 2010.
Repository: http://www.itsecdb.com/oval
NIST Computer Security Division
The Security Content Automation Program (SCAP) is a public free repository of security content to be used for automating technical control compliance activities, vulnerability checking (both application misconfigurations and software flaws), and security measurement. Created January 2007.
Repository: http://scap.nist.gov/content/
Novell, Inc.
The SUSE Linux Enterprise OVAL Information database is an index of fixed security incidents indexed by product, RPM package name and version for use in security compliance checking. Created July 2010.
Repository: http://support.novell.com/security/oval/
Red Hat, Inc.
The Red Hat repository of OVAL content consists of OVAL Patch Definitions that correspond to Red Hat Errata security advisories. Created May 2006.
Repository: http://www.redhat.com/oval
SecPod Technologies
SecPod OVAL Definitions Professional Feed, also hosted as a repository, is a service providing Vulnerability, Inventory, Compliance, and Patch definitions covering majority of the CVE’s for various operating systems, enterprise servers, and applications. Created December 2010.
Repository: http://oval.secpod.com
Page Last Updated: February 03, 2012
