This project is to engage and empower the SCAP community focusing on the Apple platforms. There are many ways that individuals and organizations can get involved and contribute.
Anyone personally or professionally involved in SCAP content and tools with a need to work directly with the Apple platforms (macOS and iOS) will want to engage in this project. Whether it is to jump in with both feet and fully engage or mingle with the community to learn more about what SCAP is, everyone will learn what it can do for them and their systems. The blog will have frequent posts of activities and relevant updates for this community. The project web site will be the central location for all relevant project information, files and links.
Your active involvement with this project in reviewing, testing and submitting to shared SCAP content will ensure the tool community is meeting your needs for SCAP compliance. You will definitely want to join the SCAP on Apple mailing list and dive in when you are ready.
Your active involvement with this project will ensure you are drawing from authoritative information on how best to implement test, gather system information and report accurate information with your tools. There is a developer-specific mailing list where low-level protocol and data handling questions will be most appropriate in asking and sharing with the rest of the community.
The source repository will host and version all submissions of source code and content relevant to the Apple platforms. You are encouraged to both contribute and consume from this central repository. This repository is not intended to replace existing repositories, but rather an augmentation with Apple platform relevant source. If you have any questions as to whether you should submit source (code/content) here or at another location within the SCAP community, do not hesitate to contact us.
Please take some time to read and understand the Terms of Use and Licensing Terms when submitting or using content from the SCAP on Apple open source project.
The following is drawn from the Mac OS Forge Terms of Use page.
LICENSING OF CONTENT
By submitting or posting Content on areas of Mac OS Forge accessible by the public, you are representing that you are the owner of such material or have authorization to distribute it. You hereby grant Apple a worldwide, royalty-free, perpetual, irrevocable, non-exclusive license to use, reproduce, modify, adapt, perform, display, distribute and publish any such public area Content for the purpose of displaying, distributing and promoting the area on which such Content is posted. The foregoing sentence does not apply to the extent that Content you are submitting or posting is a work of the United States Government for which copyright is unavailable under 17 U.S.C. 105.
LICENSING OF SOFTWARE PROJECTS
Use, reproduction, modification, redistribution and other intellectual property rights to software and other data hosted on Mac OS Forge as software projects (“Source Projects”) shall be subject to the open source license(s) accompanying or otherwise applicable to such Source Projects, or other licensing arrangement approved by Apple as applicable to such Source Project. To the extent you submit or post software or other data to such Source Projects, you represent that you are the owner of such material or have authorization to license it in accordance with the open source or other licensing terms applicable to that Source Project.
Source code repository commit access, maintenance and other privileges related to Source Projects may be subject to written acceptance of additional terms and conditions. No implied rights or licenses, including without limitation any implied patent licenses, are granted by Apple as a result of any Source Project being hosted on Mac OS Forge.
The project team anticipates a relatively high rate of community activity, content and source submissions, posting of documentation and open collaboration. With large open collaboration and integration of content from multiple parties, it is necessary to identify and track bugs, features and enhancements. The project team encourages all participants to fully utilize the ticketing system for identification, submission, and tracking against all content (web site, documentation, tools, source code, etc.) maintained by this project.
The SCAP on Apple project is led by Shawn Geddis, Apple Enterprise Security Consulting Engineer with participation from NIST and NSA representatives.