oscap-docker.8

.TH oscap-docker "8" "June 2015" "Red Hat, Inc." "System Administration Utilities"
.SH NAME
oscap-docker \- Tool for running oscap within docker container or image
.SH DESCRIPTION
oscap-docker tool can asses vulnerabilities or security compliance of running Docker
containers or cold Docker images. OpenSCAP tool (oscap) is used underneath. Definition
of vulnerabilities (CVE stream) is downloaded from product vendor.

.SS Compliance scan of Docker image
Usage: docker-oscap image IMAGE_NAME [OSCAP_ARGUMENTS]

Run any OpenSCAP (oscap) command within chroot of mounted docker image. Learn more
about OSCAP_ARGUMENTS in oscap(8) man page.

.SS Compliance scan of Docker container
Usage: docker-oscap container CONTAINER_NAME [OSCAP_ARGUMENTS]

Run any OpenSCAP (oscap) command within chroot of mounted docker container. Result
of this command may differ from scanning just an image due to defined mount points.

.SS "Vulnerability scan of Docker image"
Usage: docker\-oscap image\-cve IMAGE_NAME [--results oval-results-file.xml [--report report.html]]

Attach docker image, determine OS variant/version, download CVE stream applicable to
the given OS, and finally run vulnerability scan.

.SS "Vulnerability scap of Docker container"
Usage: oscap-docker container-cve CONTAINER_NAME [--results oval-results-file.xml [--report report.html]]

Chroot to running container, determine OS variant/version, download CVE stream applicable
to the given OS and finally run a vulnerability scan.

.SH SECURITY POLICIES
.TP
\fB SCAP-Security-Guide\fR package contains multiple configuration policies.
.TP
\fB Red Hat CVE stream can be found online\fR - \fIhttps://www.redhat.com/security/data/metrics/\fR

.SH REPORTING BUGS
.nf
Please report bugs using https://fedorahosted.org/openscap/

.SH AUTHORS
.nf
Šimon Lukašík <slukasik@redhat.com>
.fi