Multiple Integration Options, Easily-Consumed Results

Joval was designed from the ground up to be embedded into and integrated with complex, existing enterprise security and compliance solutions.

The Joval Utility

The Joval Utility is a lightweight command-line utility that can be used for host-based, remote and offline assessments. For host-based assessments, it’s suitable for deployment in very large enterprises that have already deployed a host-based automation system. The utility is packaged as a single 24MB JAR file, meaning that it can be run on any computer with a Java runtime, be it Windows, MacOS, Linux or Unix. The Joval Utility is both lightweight and exceptionally fast, and best of all, unlike many competing scanners, Joval’s scans are minimally intrusive on the performance of the host machine.

The Joval SDK

The Joval SDK is the fastest way to add certification-ready standards-based compliance and vulnerability assessment capabilities to your software solution suite. Built from the ground-up to be embedded into enterprise software products, Joval is fully commercially redistributable, adds no infrastructure, and was designed for performance and scalability. Instead of bringing a log framework to your party, it leverages the popular Simple Logging Facade for Java (SLF4J), and its log messages are easily localizable.

Compatible with Java dating back to version 1.6, Joval is sure to be runtime-compatible with your enterprise application. And, if your project does not contain a Java component, a variety of integration options — including web-services — are readily available.

And, only Joval makes it possible for you to implement your own custom schema objects, and collect them through our engine. By adhering to our documented schema extension mechanism, there is no limit to what you may choose to monitor for compliance through your product.

Input formats

Joval accepts all standards-based SCAP input formats, including SCAP 1.2 datastreams, SCAP 1.0/1.1 ZIP bundles, and OVAL 5.3+ XML definition files. This makes Joval capable of consuming all SCAP-based compliance and vulnerability content, including content published by OS vendors, DISA, CIS and others. Having the ability to leverage tons of existing community-developed and community-vetted content means you can skip staffing your own content development team, and eliminate the ongoing problem of keeping your content up-to-date.

Output formats

All Joval products are capable of producing the standards-based ARF XML report format, as well as a wide variety of readily-consumed output formats including:

  • Human-readable HTML rollup reports with drill-down diagnostics
  • JSON event streams
  • SQL data files
  • Simplified XML result files (rollup results)
  • Detailed XML result files (full system characteristics)
  • CSV files

Custom Output Formats

Transform Joval’s output into any text-based format that you’d like by specifying an XSL transform to be applied to an XML result format. Sample XSLs are provided for a variety of common formats and can be easily customized.

Remote Management SDK

Put the framework that powers Joval’s agentless remote scanning technology to work to address your own specialized agentless automation challenges. The Joval Remote Management SDK provides the Java System Access Facade’s platform-neutral interfaces for process execution, file transfer, identity and database services, as well as interfaces for platform-specific features such as the Windows Registry, WMI, and Powershell — all backed by Joval’s robust, firewall-friendly, performance-optimized provider implementation.