Scanning Docker containers for SCAP compliance
BMC BladeLogic Server Automation supports compliance analysis of Docker containers and images on containerized Linux servers. This compliance analysis is based on SCAP 1.2 content with configuration assessments in Open Vulnerability and Assessment Language (OVAL). Target servers must be Red Hat Enterprise Linux (RHEL) servers with Docker containers that are based on RHEL or CentOS base images. This functionality is enabled by several depot objects and jobs that are provided out of the box, including special custom software packages and NSH Script Jobs. Results from Container Scan Jobs are displayed in HTML reports that summarize and aggregate the compliance statuses of all containers and images, and provide drill-down options to individual containers and images.
The following pages describe the tasks involved in an SCAP compliance analysis for containers and images:
- Importing SCAP content for a container scan
- Configuring and running a Container Scan Job
- Viewing results from a Container Scan Job
For an end-to-end example of an SCAP compliance analysis of containers and images, see Walkthrough: Scanning containers for SCAP compliance.