Provided by: openscap-utils_1.3.7+dfsg-1build1_amd64 
NAME
oscap-docker - Tool for running oscap within docker container or image
DESCRIPTION
oscap-docker tool can asses vulnerabilities or security compliance of running Docker
containers or cold Docker images. OpenSCAP tool oscap(8) is used underneath. Definition of
vulnerabilities (CVE stream) is downloaded from product vendor.
Compliance scan of Docker image
Usage: oscap-docker image IMAGE_NAME OSCAP_ARGUMENT [OSCAP_ARGUMENT...]
Run any OpenSCAP oscap(8) command within chroot of mounted docker image. Learn more about
arguments in oscap(8) man page.
Compliance scan of Docker container
Usage: oscap-docker container CONTAINER_NAME OSCAP_ARGUMENT [OSCAP_ARGUMENT...]
Run any OpenSCAP oscap(8) command within chroot of mounted docker container. Result of
this command may differ from scanning just an image due to defined mount points.
Vulnerability scan of Docker image
Usage: oscap-docker image-cve IMAGE_NAME [--results oval-results-file.xml [--report
report.html]]
Attach docker image, determine OS variant/version, download CVE stream applicable to the
given OS, and finally run vulnerability scan.
Vulnerability scap of Docker container
Usage: oscap-docker container-cve CONTAINER_NAME [--results oval-results-file.xml
[--report report.html]]
Chroot to running container, determine OS variant/version, download CVE stream applicable
to the given OS and finally run a vulnerability scan.
In order to use different oscap(8) binary pass it like --oscap=<path/to/oscap>, as the
first argument.
SECURITY POLICIES
SCAP-Security-Guide package contains multiple configuration policies.
Red Hat CVE stream can be found online - https://www.redhat.com/security/data/metrics/
REPORTING BUGS
Please report bugs using https://github.com/OpenSCAP/openscap/issues
AUTHORS
Šimon Lukašík <slukasik@redhat.com>