Security and compliance scanning tool for containers

Extending OpenSCAP scanning tools to scan containers of Linux distributions, for example, Ubuntu.

OpenSCAP provides a standards-based framework and tools for checking compliance and enforcing security baselines for systems. These tools work in two modes: online and offline. In online mode, the tools and security content are installed on the system being scanned. In offline mode, systems can be scanned without installing any tools or content on the system being scanned. Offline mode is therefore more suitable for scanning container images and running instances in a cloud environment. Currently, OpenSCAP tools support the RHEL, CentOS, and Fedora distributions for offline scanning. This project aims to extend the offline scanning capability to other Linux distributions, for example, Ubuntu. This makes it possible to deploy this solution in a public cloud environment.

Project logistics