OpenSCAP
SCAP toolkit for compliance scanning: Oval, XCCDF, tailoring files, and remediation snippets (e.g. DISA STIG workflows).
Why it is included
Reference implementation for automated configuration compliance on RHEL-class systems.
Best for
Hardened server baselines and audit evidence generation.
Strengths
- SCAP standards
- oscap CLI
- Ansible remediation links
Limitations
- Content maintenance and scope definition effort
Good alternatives
Lynis · commercial CIS tooling
Related tools
Security & Privacy
Lynis
Host-based security auditing for Unix: misconfigurations, packages, SSH, kernel hardening hints.
Security & Privacy
Wazuh
Open security platform combining SIEM, XDR, file integrity monitoring, and compliance checks across endpoints and cloud.
Security & Privacy
kube-bench
CIS Kubernetes benchmark checker: run checks against nodes, control plane, etcd, and policies with readable reports.
Security & Privacy
John the Ripper
Password cracker focused on fast CPU modes, formats, and incremental attacks—ubiquitous in audits.
Security & Privacy
Tracee
Linux runtime security using eBPF to trace OS and container events with prebuilt signatures and pipeline exports.
Security & Privacy
Syft
CLI and library for generating SBOMs (SPDX, CycloneDX) from images, directories, and archives.