How can I contribute a new OS vulnerability source

[IceT5]

I want to use openSCAP to scan operating system vulnerabilities, but it is a new operating system. I hope to contribute the vulnerability information released by this operating system to our project. How should I do this?

[Mab879]

Usually vulnerability information is distributed directly directly from the OS vendor. For example Ubuntu uses the OVAL feeds at https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2.

[dodys]

As Matthew mentioned, vulnerability data is distributed directly by the vendors. The project here is not about vulnerability data, but instead about security benchmarks, like CIS, STIG and so on.