Provided by: openscap-utils_1.3.7+dfsg-1build1_amd64 bug

NAME

       oscap-docker - Tool for running oscap within docker container or image

DESCRIPTION

       oscap-docker  tool  can  asses  vulnerabilities  or  security compliance of running Docker
       containers or cold Docker images. OpenSCAP tool oscap(8) is used underneath. Definition of
       vulnerabilities (CVE stream) is downloaded from product vendor.

   Compliance scan of Docker image
       Usage: oscap-docker image IMAGE_NAME OSCAP_ARGUMENT [OSCAP_ARGUMENT...]

       Run  any OpenSCAP oscap(8) command within chroot of mounted docker image. Learn more about
       arguments in oscap(8) man page.

   Compliance scan of Docker container
       Usage: oscap-docker container CONTAINER_NAME OSCAP_ARGUMENT [OSCAP_ARGUMENT...]

       Run any OpenSCAP oscap(8) command within chroot of mounted  docker  container.  Result  of
       this command may differ from scanning just an image due to defined mount points.

   Vulnerability scan of Docker image
       Usage:   oscap-docker  image-cve  IMAGE_NAME  [--results  oval-results-file.xml  [--report
       report.html]]

       Attach docker image, determine OS variant/version, download CVE stream applicable  to  the
       given OS, and finally run vulnerability scan.

   Vulnerability scap of Docker container
       Usage:   oscap-docker   container-cve   CONTAINER_NAME   [--results  oval-results-file.xml
       [--report report.html]]

       Chroot to running container, determine OS variant/version, download CVE stream  applicable
       to the given OS and finally run a vulnerability scan.

       In  order  to  use  different oscap(8) binary pass it like --oscap=<path/to/oscap>, as the
       first argument.

SECURITY POLICIES

        SCAP-Security-Guide package contains multiple configuration policies.

        Red Hat CVE stream can be found online - https://www.redhat.com/security/data/metrics/

REPORTING BUGS

       Please report bugs using https://github.com/OpenSCAP/openscap/issues

AUTHORS

       Šimon Lukašík <slukasik@redhat.com>