Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/OpenSCAP/container-compliance

Assessing compliance of a container

> # Obsolete!
> This project is obsolete; its functionality is provided by the oscap-docker
> tool that ships with OpenSCAP.

# Container Compliance

Resources and tools to assert compliance of containers (rocket, docker, ...).

+ Assessing running containers and cold images
+ Vulnerability and compliance audit

[![Build Status](https://travis-ci.org/dduportal/container-compliance.svg?branch=master)](https://travis-ci.org/dduportal/container-compliance)

## Vulnerability scan of Docker image

```
# oscap-docker image-cve IMAGE_NAME \
[--results OVAL.XML [--report REPORT.HTML]]
```

This command attaches the Docker image, determines the OS variant and version, downloads the CVE stream
applicable to that OS, and then runs the vulnerability scan.

### Example usage

Tested on Fedora host.

```
# yum install openscap-scanner docker-io
# service docker start
# docker pull docker.io/rhel7
# oscap-docker image-cve docker.io/rhel7 \
--results oval.xml --report rhel7.html
$ firefox rhel7.html
```

## Scanning Docker image using OpenSCAP

Run any OpenSCAP command within a chroot of the mounted Docker image.

```
# oscap-docker image IMAGE_NAME [OSCAP_ARGUMENTS]
```

Learn more about OSCAP_ARGUMENTS in `man oscap`.

### Example usage

Tested on Fedora host.

```
# yum install scap-security-guide openscap-scanner docker-io
# sed -i 's/.