Editor’s Note: SCAP Sync is available at http://scapsync.com. It is free and there is no registration required
From: About SCAP Sync
Security Content Automation Protocol (SCAP) is a suite of standards developed by the U.S. National Institute of Standards and Technology (NIST), MITRE, and a number of other government organizations and private organizations. SCAP is intended to improve the ability for automated programs to generate, exchange, and store data that is relevant to security, such as assets, configurations, vulnerabilities, policies, and checklists.
This site has two goals. The first goal is to demystify SCAP for the average security practitioner. Our website crawls SCAP content from a number of other websites and collects here in one place. You don’t need to know how to read an XML Schema Document, or know what a CVSS Vector is. We make all of the SCAP content available in an easy, fast, and clean interface.
In short, we want SCAP Sync to be the number one search engine for SCAP content.
Our second goal is more technically oriented. We want to develop an SCAP repository that system integrators and application developers can rely on to incorporate SCAP content into their own solutions. If you have hands-on experience with developing solutions around SCAP, you may have noticed that getting up-to-date SCAP content into your solution can be quite difficult.
Different types of SCAP content (CPE, CVE, etc.) are published on different web sites, and they are published as monolithic XML files. If you only want a single piece of SCAP content (e.g. you want to download CVE-2009-2396), you have to download a large file that contains thousands of other CVEs as well. To complicate matters even further, each piece of content may be updated by NIST or Mitre at any time, which makes your copy of the data out-of-date.
SCAP Sync solves this problem by crawling multiple SCAP content websites, looking for changes to individual pieces of SCAP content, and storing a version history for all SCAP Content. In addition to publishing this up-to-date content on the SCAP Sync website, we also offer a REST API that makes it a breeze to get the latest SCAP content into your own automated solutions and programs. We do all of the heavy lifting so that you can focus on your application.
We are actively soliciting community feedback! If you would like to learn more or provide feedback, please visit our blog.
Leave a Reply