1oscap-docker(8)         System Administration Utilities        oscap-docker(8)
2
3
4

NAME

6       oscap-docker - Tool for running oscap within docker container or image
7

DESCRIPTION

9       oscap-docker  tool  can asses vulnerabilities or security compliance of
10       running Docker containers or cold Docker images. OpenSCAP tool oscap(8)
11       is used underneath. Definition of vulnerabilities (CVE stream) is down‐
12       loaded from product vendor.
13
14
15   Compliance scan of Docker image
16       Usage: oscap-docker image IMAGE_NAME OSCAP_ARGUMENT [OSCAP_ARGUMENT...]
17
18       Run any OpenSCAP oscap(8)  command  within  chroot  of  mounted  docker
19       image. Learn more about arguments in oscap(8) man page.
20
21
22   Compliance scan of Docker container
23       Usage:    oscap-docker    container    CONTAINER_NAME    OSCAP_ARGUMENT
24       [OSCAP_ARGUMENT...]
25
26       Run any OpenSCAP oscap(8) command within chroot of mounted docker  con‐
27       tainer.  Result  of this command may differ from scanning just an image
28       due to defined mount points.
29
30
31   Vulnerability scan of Docker image
32       Usage:  oscap-docker  image-cve  IMAGE_NAME  [--results   oval-results-
33       file.xml [--report report.html]]
34
35       Attach  docker image, determine OS variant/version, download CVE stream
36       applicable to the given OS, and finally run vulnerability scan.
37
38
39   Vulnerability scap of Docker container
40       Usage:  oscap-docker  container-cve  CONTAINER_NAME  [--results   oval-
41       results-file.xml [--report report.html]]
42
43       Chroot to running container, determine OS variant/version, download CVE
44       stream applicable to the given OS and finally run a vulnerability scan.
45
46       In  order   to   use   different   oscap(8)   binary   pass   it   like
47       --oscap=<path/to/oscap>, as the first argument.
48
49

SECURITY POLICIES

51        SCAP-Security-Guide package contains multiple configuration policies.
52
53        Red  Hat CVE stream can be found online - https://www.redhat.com/secu
54       rity/data/metrics/
55
56

REPORTING BUGS

58       Please report bugs using https://github.com/OpenSCAP/openscap/issues
59
60

AUTHORS

62       Šimon Lukašík <slukasik@redhat.com>
63
64
65
66Red Hat, Inc.                    January 2016                  oscap-docker(8)
Impressum