Loading...

This issue is archived. You can view it, but you can't modify it. Learn more

XML

Word

Printable

Type: Initiative
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Severity:
None

AssignedTeam:
None

Story Points:
None
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Test Coverage:
None

ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Document link: No official document available

Section number and name: NA

Describe the issue:

A customer is looking for guidance on how to use VEX files with OpenSCAP in RHEL 10. Specifically, they want to know what command or workflow should replace

/usr/bin/oscap oval eval --report ...

given the deprecation of OVAL v2.

References:

Blog: https://www.redhat.com/en/blog/red-hat-vex-files-cves-are-now-generally-available
Announcement: https://access.redhat.com/security/oval-v2-deprecation-announcement

Impact of this issue:

Customers do not have documented steps to follow, which causes confusion when transitioning from OVAL to VEX in RHEL 10.

Suggestions for improvement:

I did not find any mention in the RHEL 10 product documentation about OVAL v2 deprecation, nor are there steps explaining how to consume or use VEX files with OpenSCAP.

duplicates

RHELDOCS-20894 Missing documentation on using VEX files with OpenSCAP in RHEL 10 after OVAL v2 deprecation

Closed

Assignee:: Unassigned

Reporter:: Pradeep Jagtap

Archiver:: Tomas Capek

Created:: 2025/08/25 5:27 AM

Updated:: 2025/08/25 1:20 PM

Resolved:: 2025/08/25 1:20 PM

Archived:: 2025/08/25 1:21 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates