Skip to content

Latest commit

 

History

History
128 lines (115 loc) · 5.84 KB

3.sample.manifests.md

File metadata and controls

128 lines (115 loc) · 5.84 KB

Sample Manifests for Phase I

This document will include abbreviated, sample manifests in a variety of formats subject to interest (e.g. XML, ROLIE, JSON) that illustrate how we might express the Draft Metadata Requirements for Phase I.

So... if there's a format you'd like to see us use and it's not on this page... please tell us via the mailing list!

JSON Manifest Example

{
    "manifest_version": 1,
    "updated": 1552563128,
    "repository": {
        "name": "JovalCM.com SCAP Repository",
        "description": "SCAP feeds published by JovalCM.com.",
        "maintainers": [{ "name": "JovalCM.com", "email": "[email protected]" }]
    },
    "packages": [
        {
            "title": "Cisco IOS CVE Feed (Joval and OVAL Repository merged)",
            "description": "This feed contains all Cisco IOS CVE definitions generated by Joval merged with all additional Cisco IOS CVE definitions in the OVAL Repository.",
            "use_case": "vulnerability",
            "applicable_platform": "Cisco IOS",
            "coverage_scope": "All CVEs for Cisco IOS published in Cisco CVRF feeds that include affected version details.",
            "source": "JovalCM.com and the OVAL Repository",
            "format": "OVAL definitions file",
            "license": "Joval Evaluation License",
            "license_url": "https://jovalcm.com/policies/joval-license-agreement/",
            "url": "http://foo.com/bar.xml",
            "references": [ 
                { "source":"CVE", "id":"CVE-2009-2051" }, 
                { "source":"Vendor Advisory", "id":"cisco-sa-20100922-sip", "url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100922-sip" } 
            ],
            "package_id": "cve.cisco.ios",
            "updated": 1552563128,
            "md5": "A95C530A7AF5F492A74499E70578D150"
        },
        {
            "title": "VMware ESX/ESXi OS CVE Feed",
            "description": "This feed contains all VMware ESX/ESXi CVE definitions generated by Joval.",
            "use_case": "vulnerability",
            "applicable_platform": "VMware ESXi",
            "coverage_scope": "All VMWare ESX/ESXi CVE definitions published by JovalCM.com.",
            "source": "JovalCM.com",
            "format": "OVAL definitions file",
            "license": "Joval Evaluation License",
            "license_url": "https://jovalcm.com/policies/joval-license-agreement/",
            "url": "http://foo.com/bar.xml",
            "package_id": "cve.vmware.esxi",
            "updated": 1552563128,
            "md5": "A95C530A7AF5F492A74499E70578D150"
        }
        ....
    ]
}

XML Manifest Example

<?xml version="1.0" encoding="UTF-8"?>
<content-repository style="0.1">
      <repository-publisher>SCC</repository-publisher>
      <last-updated>2019-04-03T10:23:17</last-updated>
      <contents>
            <scap-content>
                  <id>U_Adobe_Acrobat_Reader_DC_Continuous_V1R2_STIG_SCAP_1-2_Benchmark.zip</id>
                  <location>http://foo/U_Adobe_Acrobat_Reader_DC_Continuous_V1R2_STIG_SCAP_1-2_Benchmark.zip</location>
                  <checksum style="SHA3_256">e572e8cae0d0cc643b110f03234f9a4f348132cf5fdd1dde7b0f847f152d05ef</checksum>
                  <benchmarks>
                        <benchmark>
                              <id>xccdf_mil.disa.stig_benchmark_Adobe_Acrobat_Reader_DC_Continuous_Track_STIG</id>
                              <title>Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide</title>
                              <version>001.002</version>
                              <style>SCAP_1.2</style>
                              <status>accepted</status>
                              <status-date>2018-04-27</status-date>
                              <creator>DISA</creator>
                              <publisher>DISA</publisher>
                              <contributor>DISA</contributor>
                              <source>STIG.DOD.MIL</source>
                        </benchmark>
                  </benchmarks>
                  <platforms>
                        <platform>
                              <id>cpe:/a:adobe:acrobat_dc:::~~continuous~~~</id>
                        </platform>
                  </platforms>
            </scap-content>
            <scap-content>
                  <id>U_Adobe_Acrobat_Reader_DC_Continuous_V1R3_STIG_SCAP_1-2_Benchmark.zip</id>
                  <location>http://foo/U_Adobe_Acrobat_Reader_DC_Continuous_V1R3_STIG_SCAP_1-2_Benchmark.zip</location>
                  <checksum style="SHA3_256">942432786d1fcdfd01e5b000fcd604789930c6cb2728a5feddeb51b4bf94a6e6</checksum>
                  <benchmarks>
                        <benchmark>
                              <id>xccdf_mil.disa.stig_benchmark_Adobe_Acrobat_Reader_DC_Continuous_Track_STIG</id>
                              <title>Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide</title>
                              <version>001.003</version>
                              <style>SCAP_1.2</style>
                              <status>accepted</status>
                              <status-date>2018-06-12</status-date>
                              <creator>DISA</creator>
                              <publisher>DISA</publisher>
                              <contributor>DISA</contributor>
                              <source>STIG.DOD.MIL</source>
                        </benchmark>
                  </benchmarks>
                  <platforms>
                        <platform>
                              <id>cpe:/a:adobe:acrobat_dc:::~~continuous~~~</id>
                        </platform>
                  </platforms>
            </scap-content>
      </contents>
</content-repository>

Status

This document is a work in progress!