Begun in 2011 as an effort to create a fully-featured open-source implementation of the Open Vulnerability Assessment Language (OVAL) in the Java programming language, Joval quickly expanded to cover the full range of SCAP (and related) specifications, including XCCDF, OCIL and SCE. Culminating in the 22.214.171.124a release in 2014, the open-source scanner featured support for more OVAL tests than any other open-source scanner, including MITRE’s reference implementation.
Now offered commercially as a low-cost, high-performance, embeddable scanning toolkit, Joval has evolved to support over 130 different OVAL tests (the closest open-source offering, ovaldi, implements only 70 test types). Joval now powers the SCAP capabilities of several commercial products, including officially-validated SCAP 1.2 offerings.
Current Open-Source Projects
Although the core language processing engines and test adapter implementations are no longer maintained in open-source form, Joval remains committed to the spirit of open-source and hosts a number of relevant projects on its Github site:
- jOVAL – Our original open-source project has evolved from an open-source OVAL interpreter into a comprehensive open-source Java data model for the SCAP specifications. Using the jOVAL project, our customers can create their own custom extensions to the OVAL language that are interoperable with our scan engine.
- jSAF – An open-source system access facade (abstraction) for Java. Joval leverages jSAF as a means of communicating with machines — either locally, or remotely over the network. Customers can create their own jSAF provider implementations to leverage existing host access technologies, such as agents.
- jKeyring – A slimmed-down version of the Netbeans multi-platform keyring implementation, which can be leveraged for secure storage of sensitive credential information.
- jWSMV – Our own implementation of Microsoft’s MS-WSMV specification, a flavor of WS-Management, that is a central component of Joval’s Windows remote-scanning capabilities.
- ntlm-java – Our fork of an excellent Google Code project that adheres very closely to Microsoft’s MS-NLMP specification.
- vngx-jsch – Joval’s branch of the vngx variant of the popular JSch SSH v2.0 implementation, which containing a number of defect fixes and enhancements.
- jPE – Our own Java library for reading Portable Execution file headers, which makes it possible for Joval to read Windows file headers on Unix machines.
- dd-plist – Joval’s fork of a great Google Code project that allows Java to interpret Apple plist files.
- jdbm – Joval’s fork of an oldie but goodie, from SourceForge — the original implementation of the B-Tree file format in Java. Joval plug-ins use JDBM to create file-backed caches and limit memory growth. This is particularly important when scanning hundreds of machines at once.
Joval is also a leading contributor to the following relevant projects: