Home Tools
We like to think about the OpenSCAP ecosystem in terms of layers: the higher level projects depend on the lower level projects.
At the bottom layer stands OpenSCAP Base. It provides the raw functionality of reading SCAP content and allows you to perform compliance scanning on a single system. It features the NIST-certified command line scanner called oscap.
One layer above stands the SCAP Workbench, a graphical user interface that uses the functionality provided by OpenSCAP Base. It aims to be intuitive and lower the initial learning curve of SCAP scanning.
The tools described above are useful for scanning and possibly remediating already installed and running systems. But what if you need to install a new one, and you want to ensure its compliance from the get go? This is where the OpenSCAP Anaconda Add-on comes in: it integrates into the Anaconda installer and allows you to install a new system that will be compliant with your policy right from the first boot.
Even higher in the hierarchy stands the OpenSCAP Daemon. It enables you to continuously scan multiple systems, whether they run on bare metal or as virtual machines, and it can even perform compliance scans of containers.
At the highest level of the ecosystem are several tools which enable you to maintain multiple systems in a state of security compliance: Spacewalk, Foreman, or Cockpit. The lower level tools provided by the OpenSCAP project can work reliably with any of these system management frameworks.
