CentOS OVALs

[cfriacas]

https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL5.xml
https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL6.xml

...these are working fine for CentOS 5 and CentOS 6.

However,
https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml
https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml

...make the "vds.php -c synchronize" script fail.

This is the error i'm getting:
PHP Fatal error: Uncaught Exception: Unknown OS Group (Red Hat Enterprise Linux ) requested in /var/www/pakiti-server/src/managers/OsGroupsManager.php:29
Stack trace:
#0 /var/www/pakiti-server/src/modules/vds/lib/SubSource.php(328): OsGroupsManager->storeOsGroup()
#1 /var/www/pakiti-server/src/modules/vds/lib/SubSource.php(241): SubSource->parse_definitions()
#2 /var/www/pakiti-server/src/modules/vds/sources/CveSource.php(47): SubSource->retrieveVulnerabilities()
#3 /var/www/pakiti-server/src/modules/vds/VdsModule.php(30): CveSource->retrieveVulnerabilities()
#4 /var/www/pakiti-server/src/modules/cli/vds.php(138): VdsModule->synchronize()
#5 {main}
thrown in /var/www/pakiti-server/src/managers/OsGroupsManager.php on line 29

Is anyone using different sources for CentOS?
I've tried using https://oval.cisecurity.org/repository/download but that didn't work too :/

Thanks,
Carlos

[HavrilaJ]

Hi, you can find working OVALs that we are using in https://github.com/CESNET/pakiti-server/blob/master/install/server-bootstrap.php