Home Tools Systems Management

Use OpenSCAP with your systems management solution of choice:

By integrating OpenSCAP with a centrally administered systems management solution, compliance scans can be conducted in parallel and on a repeated basis. This makes compliance easier and reduces the administrative overhead of manual scanning. By aggregating results in a central place, you can easily see the complete state of compliance across your entire organization. Below are several featured solutions with OpenSCAP integration.

Red Hat Satellite 6 (Foreman)

OpenSCAP is used in Red Hat Satellite 6 for automated vulnerability assessment and compliance audit. If you plan to manage compliance of a large-scale infrastructure, Red Hat Satellite 6 is the recommended solution.

See Foreman-OpenSCAP homepage and Foreman-OpenSCAP GitHub page for more details.

OpenSCAP feature of Red Hat Satellite 6.1

Feature highlights

Centralized policy management

Set-up organization defined targeting (connect sets of systems, policies and time schedules)

Collect & archive OpenSCAP audit results from your infrastructure

Set-up periodical audits

Search for systems which have not been audited

Display audit results

Search audit results

Search for non-compliant systems

Red Hat Satellite 5 (Spacewalk)

Satellite 5 is the older incarnation of the Red Hat Satellite product that is still very commonly used. The SCAP integration allows you to centrally manage compliance of your machines.

Spacewalk Test Results

Spacewalk Test Results

Feature highlights

Schedule XCCDF scans for a given machine

Schedule XCCDF scans through Spacewalk web (either for a single machine or for SSM)

View a summary of all scans on the web (for a single machine or your entire infrastructure)

Obtain a summary of the scan results

View a structured scan result on Spacewalk web

Fetch scan results

Perform searches via Spacewalk Web

RH Access Insights

Red Hat Access Insights is a hosted service designed to help you proactively identify and resolve technical issues in Red Hat Enterprise Linux and Red Hat Cloud Infrastructure environments. Decreasing time spent discovering, researching, and resolving critical issues allows you to focus on driving high value, strategic initiatives. Red Hat Access Insights uses OpenSCAP for vulnerability scanning — generating a list of CVEs to which your infrastructure may be vulnerable. See Red Hat Access Insights homepage for more info.

Pre-upgrade Assistant

Pre-upgrade Assistant is not a typical OpenSCAP tool. It checks whether an in-place major version upgrade of your RHEL or Fedora system is possible. Potential issues are discovered before the upgrade, to prevent data or functionality loss. See How do I upgrade from Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7.


Orcharhino supports managing security compliance similarly to Foreman and Red Hat Satellite. With orcharhino, you can use the OpenSCAP plug-in to collect automated vulnerability and security compliance audits from managed hosts using SCAP. Managed hosts check against orcharhino if they fullfil their compliance requirements and send reports to orcharhino. You can upload custom SCAP definitions to orcharhino or use preexisting ones.