This project provides a containerized solution for running OpenSCAP security scans on Red Hat Enterprise Linux 9 (UBI9) environments.

barakharyati/openscapScanner

OpenSCAP Scanner (UBI9)

This project provides an example of running OpenSCAP security scans on a Red Hat Enterprise Linux 9 (UBI9) container.

Usage

Run the scan script:

./runBuilder.sh

The script automatically handles:

  • Building the Docker image
  • Creating a container from the image
  • Running the OpenSCAP scan (using the STIG profile)
  • Copying scan results (report.html, results.xml) to a timestamped folder under scans

View Results

Open the generated report.html in your browser for a human-readable summary. The results.xml contains detailed scan data.

Requirements

  • Docker
  • Internet access (to fetch latest SCAP Security Guide content)
  • Red Hat UBI9 base image access

SCAP Content

The container automatically fetches the latest SCAP Security Guide content from the ComplianceAsCode GitHub releases. This ensures you always use the most recent security scanning profiles and benchmarks.

Customization

  • To change the scan profile, modify the CMD line in ubi9.dockerfile.
  • To automate or schedule scans, integrate runBuilder.sh into your CI/CD or cron jobs.
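
An added example, not part of this repository: a Python script that reads the results.xml produced by the scan, tallies rule outcomes, and returns a nonzero exit code a CI job can use when a high-severity rule fails. It assumes results.xml is XCCDF 1.2 results output (not ARF); the function names, the sample XML and its rule IDs are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# XCCDF 1.2 namespace used by SCAP Security Guide content.
# Assumption: results.xml holds XCCDF results, not an ARF document.
NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}
RANK = {"high": 0, "medium": 1, "low": 2, "unknown": 3}

# Constructed sample, trimmed to the elements this parser reads.
SAMPLE = """<?xml version="1.0"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2">
 <TestResult id="xccdf_org.example_testresult_constructed">
  <rule-result idref="xccdf_org.example_rule_b" severity="medium"><result>fail</result></rule-result>
  <rule-result idref="xccdf_org.example_rule_c" severity="low"><result>pass</result></rule-result>
  <rule-result idref="xccdf_org.example_rule_a" severity="high"><result>fail</result></rule-result>
  <rule-result idref="xccdf_org.example_rule_d" severity="medium"><result>notapplicable</result></rule-result>
  <score system="urn:xccdf:scoring:default" maximum="100">50.0</score>
 </TestResult>
</Benchmark>"""

def summarize(xml_data):
    """Tally rule-result outcomes and list failed rules, worst severity first."""
    root = ET.fromstring(xml_data)
    tr = root if root.tag.endswith("}TestResult") else root.find(".//x:TestResult", NS)
    if tr is None:
        raise ValueError("no XCCDF TestResult element found")
    counts, failed = Counter(), []
    for rr in tr.findall("x:rule-result", NS):
        result = rr.findtext("x:result", "unknown", NS).strip()
        counts[result] += 1
        if result == "fail":
            failed.append((rr.get("severity", "unknown"), rr.get("idref")))
    failed.sort(key=lambda f: (RANK.get(f[0], 3), f[1]))
    score = tr.findtext("x:score", namespaces=NS)
    return {"counts": dict(counts), "failed": failed, "score": float(score) if score else None}

def gate(summary, block_on=("high",)):
    """Return 1 (fail the job) if any failed rule has a blocking severity."""
    return 1 if any(sev in block_on for sev, _ in summary["failed"]) else 0

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    s = summarize(data)
    print(s["counts"], "score:", s["score"])
    for sev, rule in s["failed"]:
        print(f"FAIL [{sev}] {rule}")
    sys.exit(gate(s))
```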

License

MIT License
