"atomic scan" with "configuration_compliance" enables creating security-compliant container images at build time
The `rhel7/openscap` container image now provides the "configuration_compliance" scan type. When used as an argument for the "atomic scan" command, this new scan type enables users to:
* scan Red Hat Enterprise Linux-based container images and containers against any profile provided by the SCAP Security Guide (SSG)
* remediate Red Hat Enterprise Linux-based container images to be compliant with any profile provided by the SSG
* generate an HTML report from a scan or a remediation.
The remediation results in a container image with an altered configuration that is added as a new layer on top of the original container image.
Note that the original container image remains unchanged and only a new layer is created on top of it. The remediation process builds a new container image that contains all the configuration improvements. The content of this layer is defined by the security policy of scanning. This also means that the remediated container image is no longer signed by Red Hat, which is expected, since it differs from the original container image by containing the remediated layer.