Information regarding tools and configurations to carry out Docker container scans
Please note that if you are behind a proxy, you'll need to run the following command before the install command.
export http_proxy=http://proxyserver.domain.com:8080
sudo atomic install registry.access.redhat.com/rhel7/openscap
For disconnected environments, you can mirror Red Hat's OVAL definitions and point your OpenSCAP scanner at your internal mirror.
[URL]
https://www.redhat.com/security/data/oval/
[OpenScap configuration - Atomic Host]
/etc/oscapd/config.ini
[CVEScanner]
# change to yes
fetch-cve = yes
#fetch-cve-url = https://www.redhat.com/security/data/oval/
# set to internal repository
fetch-cve-url = http://<internal_mirror.com>/oscap_oval-oscap_oval/
fetch-cve-timeout = 600
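A pre-flight check for the [CVEScanner] settings above, added here as an example and not part of oscapd or the original page. It assumes the file is parsed with Python's configparser defaults, under which a trailing `# ...` stays part of the value; the mirror hostname and both sample files are constructed.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample inputs (not taken from a real host).
INLINE_COMMENT_CFG = """\
[CVEScanner]
fetch-cve = yes # change to yes
fetch-cve-url = http://mirror.example.internal/oval/ # set to internal repository
fetch-cve-timeout = 600
"""

CLEAN_CFG = """\
[CVEScanner]
# change to yes
fetch-cve = yes
# set to internal repository
fetch-cve-url = https://mirror.example.internal/oval/
fetch-cve-timeout = 600
"""

def check_cve_scanner(text):
    """Return a list of problems found in the [CVEScanner] section."""
    # Assumption: configparser defaults, i.e. no inline-comment stripping.
    cp = configparser.ConfigParser()
    cp.read_string(text)
    if not cp.has_section("CVEScanner"):
        return ["missing [CVEScanner] section"]
    sec, problems = cp["CVEScanner"], []
    try:
        if not sec.getboolean("fetch-cve", fallback=False):
            problems.append("fetch-cve is not enabled")
    except ValueError:
        problems.append("fetch-cve is not a boolean: %r" % sec["fetch-cve"])
    url = sec.get("fetch-cve-url", "")
    parsed = urlparse(url)
    if any(c in url for c in " #<>") or not parsed.hostname:
        problems.append("fetch-cve-url is not a clean URL: %r" % url)
    elif parsed.scheme != "https":
        problems.append("fetch-cve-url is not https; definitions can be altered in transit")
    try:
        if sec.getint("fetch-cve-timeout", fallback=0) <= 0:
            problems.append("fetch-cve-timeout must be a positive integer")
    except ValueError:
        problems.append("fetch-cve-timeout is not an integer")
    return problems

if __name__ == "__main__":
    for name, cfg in (("inline comments", INLINE_COMMENT_CFG), ("clean", CLEAN_CFG)):
        print(name, "->", check_cve_scanner(cfg) or "ok")
```

To check a real host, pass the contents of /etc/oscapd/config.ini to `check_cve_scanner` before restarting the scanner.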
Results after running an atomic scan on a Docker image