SCAP Workbench is a tool that can open XCCDF [1] or SDS [2] files and allows the user to evaluate either local or remote machine using the content in the opened file.

Feature Highlights

intro screenshot
  • XCCDF 1.1 and 1.2 support

  • Source DataStream 1.2 support

  • XCCDF 1.2 Tailoring file support

  • Evaluation of local machine

  • Evaluation of remote machine (using SSH)

  • Limited tailoring support - selection, unselection and set value

  • Saving results as XCCDF 1.1 or 1.2 (depending on input) or ARF 1.1

  • Loading content bundle from RPM

  • Exporting content bundle as RPM or into a folder


Build Dependencies

  • cmake >= 2.6

  • Qt4 (Core, GUI, XmlPatterns)

  • openscap >= 1.2.0

  • cmake-gui [optional]

Runtime Dependencies (workbench machine)

  • setsid

  • nice

  • ssh and scp (if you want remote scanning)

Runtime Dependencies (evaluated machine)

  • oscap >= 0.8.0


From package repository (YUM)

# yum install scap-workbench

From package repository (APT)

# apt-get install scap-workbench

From source
  1. $ mkdir build ; cd build

  2. $ cmake ../

  3. $ make

  4. # make install

From source (custom options)
  1. $ mkdir build ; cd build

  2. $ cmake-gui ../

  3. (select appropriate options in cmake-gui)

  4. $ make

  5. # make install

Typical Use Case

Let us go over a common use case. Any section marked (optional) can be skipped if you do not need the feature explained in it.

Obtain SCAP content

Even before we start the workbench we need to find content to open. Probably the best choice right now is scap-security-guide [3].

It is possible that scap-security-guide has already been installed on your system as a dependency of scap-workbench. If it isn’t, install it:

From the package repository (YUM)

# yum install scap-security-guide

From the package repository (APT)

# apt-get install scap-security-guide

From upstream source (for advanced users or content developers)
  1. $ git clone https://github.com/OpenSCAP/scap-security-guide.git ; cd scap-security-guide

  2. $ make

Alternative SCAP content (optional)

Start SCAP Workbench

After installation a new application entry for SCAP Workbench should appear in your desktop environments application menu.

starting scap workbench
Figure 1. SCAP Workbench application entry in GNOME 3

In case you cannot find any SCAP Workbench application icon / entry to click, press Alt+F2 to bring up the run command dialog (works in Gnome 3 and KDE 4), type 'scap-workbench' and confirm.

SCAP Workbench should start and if you installed scap-security-guide from your package repository, workbench will immediately open a dialog letting you choose which SSG variant you want to open.

ssg integration
Figure 2. SSG integration dialog

For the remainder of this guide let us assume that you chose Fedora. All the instructions are similar on other variants.