What are the differences between the openscap security guides provided by RHEL repository and the ones provided by GitHub repository.

Latest response

Hi,

I want to know what are the differences between the openscap datastream files (security guides) that are provided by the package "scap-security-guide" obtained from RHEL repository (rhel-7-server-releases-rhui-beta) and the openscap datastream files (security guides) that can be obtained directly from GitHub repository https://github.com/ComplianceAsCode/content.

Operating System: Red Hat Enterprise Linux Server 7.8

Responses

Hi,

The GitHub repository https://github.com/ComplianceAsCode/content is an upstream project where developers from security community collaborate on creating security guides. The datastream files obtained from there contains the latest development version.

Red Hat takes the source code from the GitHub repository, performs testing of it, fixes bugs, ships it to customers as the scap-security-guide RPM package in RHEL and then provides support for it.

In general, the content from both sources is similar, but "scap-security-guide" in RHEL contains patches that fix bugs or remove some experimental features.