SOVA
Description
Simple and extensible format and framework for describing checks intended to detect vulnerabilities and misconfigurations
Languages
- Python 100%
SOVA (Simplified Open Vulnerability Assessment)
SOVA is a simple and extensible format and framework for describing checks intended to detect vulnerabilities and misconfigurations. The project aims to lower the barrier to entry and simplify both content development and scanner implementation, while preserving the ability to build complex detection logic from simple and transparent elements.
Key Ideas
- 📃 JSON instead of XML
  The format uses JSON, making it convenient for both manual editing and automated processing.
- ⚙️ Composable definition logic
  The status of a definition is determined through combinations of test statuses or other definitions, enabling complex detection conditions.
- 🧪 Simplified and extensible test model
  Test types are moved outside the core format specification. This includes support for executing arbitrary bash scripts on the host or performing web requests.
- 🧭 Inline test parameters
  Test parameters (objects and states) are stored directly within the definition status evaluation logic, so the actual detection logic is visible in one place, even at the cost of some descriptive redundancy.
SOVA is conceived as a universal and practical foundation for building vulnerability and misconfiguration detection systems.
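The following added example (not SOVA's own code) shows how a definition status can be composed from test statuses and other definitions while the test parameters stay inline in the logic. The JSON field names, the test types `file_exists` and `first_value`, the operator names and the in-memory host model are assumptions made for illustration, not SOVA's actual schema.

```python
import json

# Hypothetical definition layout: field names and test types are illustrative
# assumptions for this example, not SOVA's actual schema.
DEFINITIONS = json.loads("""
{
  "sshd_config_present": {"test": "file_exists", "path": "/etc/ssh/sshd_config"},
  "ssh_password_auth_disabled": {
    "operator": "AND",
    "criteria": [
      {"definition": "sshd_config_present"},
      {"test": "first_value", "path": "/etc/ssh/sshd_config",
       "keyword": "PasswordAuthentication", "expected": "no"}
    ]
  }
}
""")

def run_test(node, host):
    """Return True/False, or None (unknown) when the file cannot be read."""
    content = host.get(node["path"])  # host: constructed {path: file text}
    if node["test"] == "file_exists":
        return content is not None
    if node["test"] == "first_value":
        if content is None:
            return None
        for line in content.splitlines():
            parts = line.split()  # commented lines never match the keyword
            # sshd uses the first value it obtains for a keyword
            if len(parts) >= 2 and parts[0].lower() == node["keyword"].lower():
                return parts[1] == node["expected"]
        return False  # keyword never set, so not explicitly configured
    raise ValueError(f"unknown test type: {node['test']}")

def evaluate(node, host, defs=DEFINITIONS):
    if "test" in node:
        return run_test(node, host)
    if "definition" in node:  # reuse another definition's status
        return evaluate(defs[node["definition"]], host, defs)
    results = [evaluate(child, host, defs) for child in node["criteria"]]
    if node["operator"] == "AND":  # one False decides; otherwise unknown taints
        return False if False in results else (None if None in results else True)
    if node["operator"] == "OR":   # one True decides; otherwise unknown taints
        return True if True in results else (None if None in results else False)
    raise ValueError(f"unknown operator: {node['operator']}")

# Constructed sample hosts (path -> file content)
HARDENED = {"/etc/ssh/sshd_config": "Port 22\nPasswordAuthentication no\n"}
SHADOWED = {"/etc/ssh/sshd_config": "PasswordAuthentication yes\nPasswordAuthentication no\n"}
MISSING = {}
```

The `first_value` test reads only the named file: `Include` files and `Match` blocks are outside what this example evaluates.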
Example Definition: SSH Password Authentication Disabled
The following example demonstrates a SOVA definition that checks whether SSH password authentication is disabled on a host.
This definition uses two tests combined with logical AND to ensure that the SSH configuration file exists and that password-based authentication is explicitly disabled.