Question 1

Is container compliance better than Clair for Docker scanning?

Accepted Answer

Container Compliance is obsolete, with its tools now part of OpenSCAP's oscap-docker. Clair is a more modern, actively maintained alternative specifically designed for container vulnerability scanning and often integrated into registries like Harbor.

Question 2

How to scan a running Docker container for vulnerabilities with OpenSCAP?

Accepted Answer

Use the oscap-docker container-cve command, which is now standard in OpenSCAP. For example, run 'oscap-docker container-cve CONTAINER_NAME --results oval.xml --report report.html' to generate a vulnerability report.

Question 3

What happened to the container-compliance project?

Accepted Answer

It was deprecated and merged into the main OpenSCAP project as the oscap-docker utility. The original repository is no longer maintained, so users should switch to OpenSCAP for updates.

Question 4

Can I use container-compliance with Kubernetes?

Accepted Answer

Not directly; it was designed for standalone Docker containers. For Kubernetes, you'd need to integrate oscap-docker into pods or use dedicated tools like kube-hunter or security context benchmarks.

Question 5

How to install and set up container-compliance?

Accepted Answer

Since it's obsolete, installation isn't recommended. Instead, install OpenSCAP via package managers and use oscap-docker, which offers similar functionality with better support and documentation.

Question 6

Does container-compliance support scanning private registries?

Accepted Answer

The README doesn't mention private registry support; it assumes local Docker images. For private registries, you'd need to pull images locally first or use tools with built-in registry authentication.

Question 7

What compliance benchmarks does container-compliance use?

Accepted Answer

It relies on OpenSCAP's SCAP content, such as the SCAP Security Guide, which includes profiles for standards like STIG, CIS, and PCI-DSS, tailored to various operating systems.

OpenSCAP

What is OpenSCAP?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions