Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/OpenSCAP/container-compliance
Assessing compliance of a container
https://github.com/OpenSCAP/container-compliance
Last synced: 2 months ago
JSON representation
Assessing compliance of a container
- Host: GitHub
- URL: https://github.com/OpenSCAP/container-compliance
- Owner: OpenSCAP
- License: gpl-3.0
- Archived: true
- Created: 2015-03-03T18:51:19.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2016-12-02T19:05:00.000Z (over 7 years ago)
- Last Synced: 2024-03-25T21:17:57.517Z (3 months ago)
- Language: Shell
- Size: 62.5 KB
- Stars: 239
- Watchers: 37
- Forks: 42
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: COPYING
Lists
- awesome-linux-containers - OpenSCAP
- awesome-linux-containers - OpenSCAP
README
> # Obsolete!
> This project is obsolete, the functionality is provided by the oscap-docker
> tool that ships with OpenSCAP.# Container Compliance
Resources and tools to assert compliance of containers (rocket, docker, ...).
+ Assessing running containers and cold images
+ Vulnerability and compliance audit[![Build Status](https://travis-ci.org/dduportal/container-compliance.svg?branch=master)](https://travis-ci.org/dduportal/container-compliance)
## Vulnerability scan of Docker image
```
# oscap-docker image-cve IMAGE_NAME \
[--results OVAL.XML [--report REPORT.HTML]]
```This command will attach docker image, determine OS variant/version, download CVE stream
applicable to the given OS, and finally run vulnerability scan.### Exemplary usage
Tested on Fedora host.
```
# yum install openscap-scanner docker-io
# service docker start
# docker pull docker.io/rhel7
# oscap-docker image-cve docker.io/rhel7 \
--results oval.xml --report rhel7.html
$ firefox rhel7.html
```## Scanning Docker image using OpenSCAP
Run any OpenSCAP command within chroot of mounted docker image.
```
# oscap-docker image IMAGE_NAME [OSCAP_ARGUMENTS]
```Learn more about OSCAP_ARGUMENTS in `man oscap`.
### Exemplary usage
Tested on Fedora host.
```
# yum install scap-security-guide openscap-scanner docker-io
# sed -i 's/.