To date, I've used OpenSCAP to check the configuration of Unix operating
systems against government baselines.
But I assume OpenSCAP can consume any SCAP content including daily CVE
feeds? I have not tried that yet. And superficial searching did not reveal
any obvious documentation.
Does anyone know of a good example that would get a person started with
using OpenSCAP to consume CVE feeds? Any recommendations of freely
available feeds?
Thanks!
Greg Elin