We use oval to check the system vulnerability. Redhat offer official oval(https://www.redhat.com/security/data/oval/), and it works well on redhat. There is no official centos oval, and using redhat oval on centos got false results. centos is based redhat, so I wrote a script fetch redhat oval files and convert it to useful for centos. And I push the oval to my github: https://github.com/Sep0lkit/oval-for-el Everyone interested in this can try to use it and tell me it works correctly or not.