Red Hat OVAL v2

OVAL v2

• The Scope from certification perspective: all product streams from RHEL7 and RHEL8.

  • We expect your product to consume and report CVEs on all product streams from RHEL7 and RHEL8.

  • The certification test harness images include container images based only on RHEL7 and RHEL8.

• Unpatched OVAL v2 streams contain both patched and unpatched CVEs.

  • If an unpatched stream is available for a product+version you can choose to consume only unpatched stream.

• The majority of OVAL assets wait for the erratum to be shipped. New errata and changes to existing errata are pulled periodically every 6 hours.

Resources

• [1] Red Hat OVAL v2

• [2] Red Hat and OVAL compatibility

• [3] Blog: Evolving OVAL

• [4] CIS OVAL community