.TH oscap-docker "8" "January 2016" "Red Hat, Inc." "System Administration Utilities"
.SH NAME
oscap-docker \- Tool for running oscap within docker container or image
.SH DESCRIPTION
oscap-docker tool can assess vulnerabilities or security compliance of running Docker
containers or cold Docker images. OpenSCAP tool \fBoscap(8)\fR is used underneath. Definition
of vulnerabilities (CVE stream) is downloaded from product vendor.
.SS Compliance scan of Docker image
Usage: oscap-docker image IMAGE_NAME OSCAP_ARGUMENT [OSCAP_ARGUMENT...]
Run any OpenSCAP \fBoscap(8)\fR command within chroot of mounted docker image. Learn more
about arguments in \fBoscap(8)\fR man page.
.SS Compliance scan of Docker container
Usage: oscap-docker container CONTAINER_NAME OSCAP_ARGUMENT [OSCAP_ARGUMENT...]
Run any OpenSCAP \fBoscap(8)\fR command within chroot of mounted docker container. Result
of this command may differ from scanning just an image due to defined mount points.
.SS "Vulnerability scan of Docker image"
Usage: oscap-docker image-cve IMAGE_NAME [--results oval-results-file.xml [--report report.html]]
Attach docker image, determine OS variant/version, download CVE stream applicable to
the given OS, and finally run vulnerability scan.
.SS "Vulnerability scan of Docker container"
Usage: oscap-docker container-cve CONTAINER_NAME [--results oval-results-file.xml [--report report.html]]
Chroot to running container, determine OS variant/version, download CVE stream applicable
to the given OS and finally run a vulnerability scan.
To use a different \fBoscap(8)\fR binary, pass it as the first argument, like --oscap=<path/to/oscap>.
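
An added example (not part of this man page or of the OpenSCAP project's code): a Python script that triages the file written by --results, listing the definitions that evaluated to true and those that could not be evaluated. It assumes the file follows the OVAL 5 results schema; the function name triage and all ids in the sample are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

RES = "{http://oval.mitre.org/XMLSchema/oval-results-5}"
DEF = "{http://oval.mitre.org/XMLSchema/oval-definitions-5}"

# Constructed sample: only the elements read below, with placeholder ids.
SAMPLE = """<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"><definitions>
<definition id="oval:example:def:1" class="patch" version="1"><metadata>
<title>Example advisory A</title>
<reference source="CVE" ref_id="CVE-0000-0001"/>
</metadata></definition>
</definitions></oval_definitions>
<results><system><definitions>
<definition definition_id="oval:example:def:1" result="true" version="1"/>
<definition definition_id="oval:example:def:2" result="false" version="1"/>
<definition definition_id="oval:example:def:3" result="error" version="1"/>
</definitions></system></results>
</oval_results>"""

def triage(xml_text):
    """Return (vulnerable, unevaluated) lists from OVAL results XML."""
    root = ET.fromstring(xml_text)
    meta = {}  # definition id -> (title, [CVE ids]) from the embedded definitions
    for d in root.iter(DEF + "definition"):
        title = d.findtext(f"{DEF}metadata/{DEF}title", default="")
        cves = [r.get("ref_id") for r in d.iter(DEF + "reference")
                if r.get("source") == "CVE"]
        meta[d.get("id")] = (title, cves)
    vulnerable, unevaluated = [], []
    for d in root.iter(RES + "definition"):
        def_id, result = d.get("definition_id"), d.get("result")
        title, cves = meta.get(def_id, ("", []))
        if result == "true":
            vulnerable.append((def_id, title, cves))
        elif result in ("error", "unknown", "not evaluated"):
            # Not a pass: the scanner could not decide, so do not treat as clean.
            unevaluated.append((def_id, result))
    return vulnerable, unevaluated

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    vulnerable, unevaluated = triage(text)
    for def_id, title, cves in vulnerable:
        print(f"VULNERABLE {def_id} {title} {','.join(cves)}")
    for def_id, result in unevaluated:
        print(f"UNEVALUATED {def_id} ({result})")
    sys.exit(1 if vulnerable or unevaluated else 0)
```

The non-zero exit status lets a build pipeline fail when an image has applicable advisories or when definitions could not be evaluated.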
.SH SECURITY POLICIES
.TP
\fB SCAP-Security-Guide\fR package contains multiple configuration policies.
.TP
\fB Red Hat CVE stream can be found online\fR - \fIhttps://www.redhat.com/security/data/metrics/\fR
.SH REPORTING BUGS
.nf
Please report bugs using https://github.com/OpenSCAP/openscap/issues
.SH AUTHORS
.nf
Šimon Lukašík <slukasik@redhat.com>
.fi