Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-110845

Missing documentation on using VEX files with OpenSCAP in RHEL 10 after OVAL v2 deprecation

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • rhel-10.0
    • Documentation
    • None
    • No
    • None
    • None
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      Document link: No official document available

      Section number and name: NA

      Describe the issue:

      A customer is looking for guidance on how to use VEX files with OpenSCAP in RHEL 10. Specifically, they want to know what command or workflow should replace

      /usr/bin/oscap oval eval --report ...

       given the deprecation of OVAL v2.

      References:

      Blog: https://www.redhat.com/en/blog/red-hat-vex-files-cves-are-now-generally-available 
      Announcement: https://access.redhat.com/security/oval-v2-deprecation-announcement 

      Impact of this issue:

      Customers do not have documented steps to follow, which causes confusion when transitioning from OVAL to VEX in RHEL 10.

      I did not find any mention in the RHEL 10 product documentation about OVAL v2 deprecation, nor are there steps explaining how to consume or use VEX files with OpenSCAP.

       

              Unassigned Unassigned
              rhn-support-prjagtap Pradeep Jagtap
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: