Hello fans of SCAP and security content,
some of you might have noticed that there is a new repository `github.com/ComplianceAsCode/content`.

tl;dr: SCAP Security Guide implies strong ties to the SCAP format. Over time the project evolved and is now format-agnostic. To avoid confusion we decided to rename the project.

Even though SCAP Security Guide started purely as a producer of SCAP formatted data, if you take a look at the README from that time, it quite clearly expresses the real idea behind it. I will quote one part, full is available [1]

This project is an attempt to allow multiple organizations to
efficiently develop such content by avoiding redundancy, which is
possible by taking advantage of features of the SCAP standards.

The SCAP was there as a means of collaboration. While SCAP is great idea on the paper, in practice it often falls short. Especially OVAL can be quite challenging as a common language. It's hard to use, domain specific and declarative. These design choices prevent it from having a broader appeal. This is my personal opinion, but I believe it's shared by most contributors.

Past experience also made it quite obvious that no single language or format will satisfy everybody. Additionally, there is no single format suitable for every platform.

As a result, we have expanded the scope of SSG to support Bash remediation roles, Ansible, puppet. We have also made the build system adaptable and flexible. This opens doors to more formats and languages in the future.

With these changes in place, we felt like it was imprecise to have SCAP in the name. Treat "content" as an interim name for now. The important part is the move to the "ComplianceAsCode" organization. We believe it better encompasses our vision of the project.

We are in process of finding ourselves better name. It is proving difficult to find a name that is fitting and likeable so we don't have an ETA yet. Please bear with us.

From the perspective of the project, nothing changes - CI is the same, maintainers are the same, focus is the same. It is just a name change, but with a big message. And we hope you are happy about the change. Let's start a new chapter in this project's rich history together.

We will also be more than happy for any question or feedback on this change.

Thank you for your support,
Marek on behalf of ComplianceAsCode/content

[1] https://github.com/ComplianceAsCode/content/tree/2ef5b750a76b450171f5badbff1565d6f37944fe

Open-scap-list mailing list

Reply via email to