Red Hat Bugzilla – Bug 1472282
[RFE] Support configuration compliance scan with any security profile
Last modified: 2017-10-19 07:37:40 EDT
Description of problem:
Atomic scan should scan containers and images for compliance with any security profile, for example PCI-DSS, STIG, USGCB, and others that are available in SCAP Security Guide. Atomic scan must also be able to support customized profiles that customers have created using Red Hat supplied tools (e.g. SCAP Workbench).
Atomic scan must display a detailed report.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. atomic scan [image/container]
Now atomic scan can do only:
* CVE scan, that verifies if all security updates are installed
* "Standard profile" scan, which is 5 or 6 rules
Atomic scan scans containers and images for any profile from SCAP Security Guide or a customized profile and displays a report.
The scanning itself is already implemented upstream in Atomic https://github.com/projectatomic/atomic/pull/1027.