OpenSCAP provides a standards based framework and tools for checking compliance and enforcing security baselines for systems. These tools work in two modes: online, and offline. In online mode tools and security content are installed in the system being scanned. In offline mode systems can be scanned without installing any tools or content in the system being scanned. Thus offline mode is more suitable for scanning container images and running instances in cloud environment. Currently, OpenSCAP tools support RHEL, CentoOS, and Fedora distributions for offline scanning. This project aims to extend offline scanning capability to other Linux distributions, for example, Ubuntu. This makes it possible to deploy this solution in a public cloud environment.
Project logistics
- Mentor: Sastry S Duri email: sastry-at-us-dot-ibm-dot-com
- Min-max team size: 3-5
- Expected project hours per week (per team member): 6-8
- Will the project be open source? Yes Apache
Preferred past experience
- Python (Very important)
- Linux command line (Important)
- Bash (Valuable)
Some Technologies expected to be learned/used
- Docker
- OpenSCAP tools
- OVAL
- XML Parsing
- Python Web-server frameworks