1oscap-docker(8) System Administration Utilities oscap-docker(8)
2
3
4
6 oscap-docker - Tool for running oscap within docker container or image
7
9 oscap-docker tool can asses vulnerabilities or security compliance of
10 running Docker containers or cold Docker images. OpenSCAP tool (oscap)
11 is used underneath. Definition of vulnerabilities (CVE stream) is down‐
12 loaded from product vendor.
13
14
15 Compliance scan of Docker image
16 Usage: oscap-docker image IMAGE_NAME OSCAP_ARGUMENT [OSCAP_ARGUMENT...]
17
18 Run any OpenSCAP (oscap) command within chroot of mounted docker image.
19 Learn more about oscap arguments in oscap(8) man page.
20
21
22 Compliance scan of Docker container
23 Usage: oscap-docker container CONTAINER_NAME OSCAP_ARGUMENT
24 [OSCAP_ARGUMENT...]
25
26 Run any OpenSCAP (oscap) command within chroot of mounted docker con‐
27 tainer. Result of this command may differ from scanning just an image
28 due to defined mount points.
29
30
31 Vulnerability scan of Docker image
32 Usage: oscap-docker image-cve IMAGE_NAME [--results oval-results-
33 file.xml [--report report.html]]
34
35 Attach docker image, determine OS variant/version, download CVE stream
36 applicable to the given OS, and finally run vulnerability scan.
37
38
39 Vulnerability scap of Docker container
40 Usage: oscap-docker container-cve CONTAINER_NAME [--results oval-
41 results-file.xml [--report report.html]]
42
43 Chroot to running container, determine OS variant/version, download CVE
44 stream applicable to the given OS and finally run a vulnerability scan.
45
46
48 SCAP-Security-Guide package contains multiple configuration policies.
49
50 Red Hat CVE stream can be found online - https://www.redhat.com/secu‐
51 rity/data/metrics/
52
53
55 Please report bugs using https://github.com/OpenSCAP/openscap/issues
56
57
59 Šimon Lukašík <slukasik@redhat.com>
60
61
62
63Red Hat, Inc. January 2016 oscap-docker(8)