OpenSCAP is both a library and a command-line tool that can parse and evaluate each component of the SCAP standard. The library lets you build new SCAP tools quickly instead of spending time learning the existing file structure. The command-line tool, called oscap, is a multi-purpose tool that formats content into documents or scans the system based on this content. Whether you want to evaluate DISA STIGs, NIST's USGCB, or content from Red Hat's Security Response Team, all are supported by OpenSCAP.
If your main goal is to perform configuration and vulnerability scans of a local system then oscap can be the right tool for you. It can evaluate both XCCDF benchmarks and OVAL definitions and generate the appropriate results. The tool supports SCAP 1.2 and is backward compatible with SCAP 1.1 and 1.0.
OpenSCAP is available on various Linux distributions, including Red Hat Enterprise Linux, Fedora and Ubuntu. Since version 1.3.0, OpenSCAP also supports Microsoft Windows.
sudo apt-get install libopenscap8
OpenSCAP does not require root access to run, and it can generate reports as HTML or XML.