projectatomic/atomic
1
0
Fork 0
mirror of https://github.com/projectatomic/atomic.git synced 2026-02-07 06:44:52 +01:00
Code Issues Releases Activity
Files
v1.18.1
atomic/atomic.d/openscap
Watson Sato 0f084c138b atomic.d/opensap: Show how to configure scanner to fetch CVE data 
Closes: #953
Approved by: baude
2017-03-24 17:36:24 +00:00

16 lines
874 B
Plaintext
Raw Permalink Blame History

type: scanner
scanner_name: openscap
image_name: registry.access.redhat.com/rhel7/openscap
default_scan: cve
custom_args: ['-v', '/etc/oscapd:/etc/oscapd:ro']
scans: [
{ name: cve,
args: ['oscapd-evaluate', 'scan', '--no-standard-compliance', '--targets', 'chroots-in-dir:///scanin', '--output', '/scanout', '-j1'],
description: "Performs a CVE scan based on Red Hat relesead CVE OVAL. !WARNING! This CVE is built into container image and it might be out-of-date. Change config.ini to configure the scanner to fetch latest CVE data"},
{ name: standards_compliance,
args: ['oscapd-evaluate', 'scan', '--targets', 'chroots-in-dir:///scanin', '--output', '/scanout', '--no-cve-scan', '-j1'],
description: "Performs scan with Standard Profile, as present in Scap Security Guide shipped in Red Hat Enterprise Linux"
}
]
View Git Blame Copy Permalink