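####### Stage 1: Build Image WITH OpenSCAP ########
# Builds a UBI 9 image with the OpenSCAP scanner and the newest
# ComplianceAsCode SCAP content; the default command evaluates the STIG
# profile from the RHEL 9 datastream.
#
# NOTE(review): the base image carries no tag or digest, so every build
# resolves to whatever is current in the registry. Pin a tag or a digest
# if the scan image has to be reproducible.
FROM registry.access.redhat.com/ubi9/ubi AS openscap-builder

# Make a RUN step fail when any command in a pipeline fails; without this a
# failed curl would be masked by jq's exit status.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Install openscap + the tools used to fetch the content. update and install
# share one layer so the package metadata is never stale, and the dnf cache is
# dropped in the same layer so it does not persist in the image.
RUN dnf -y update \
    && dnf -y install \
        curl-minimal \
        jq \
        openscap-scanner \
        wget \
    && dnf clean all

# Create folders (-p: no failure when a parent such as /usr/share/xml exists)
RUN mkdir -p \
        /usr/share/xml/scap \
        /usr/share/build_openscap/latest_scap_version

# Get latest OpenSCAP content version from
# https://api.github.com/repos/ComplianceAsCode/content/releases
# -f turns an HTTP error (for example API rate limiting) into a build failure
# instead of handing an error document to jq; test -s rejects an empty result.
RUN curl -fsS https://api.github.com/repos/ComplianceAsCode/content/releases \
      | jq -r '.[0].assets[].browser_download_url | select(test("scap-security-guide-.*\\.tar\\.gz$"))' \
      > /usr/share/build_openscap/latest_url.txt \
    && test -s /usr/share/build_openscap/latest_url.txt

# Print latest version URL into the build log
RUN cat /usr/share/build_openscap/latest_url.txt

# Download the latest version.
# NOTE(review): the archive is whatever the newest release points to and is
# not checked against a known digest, so the compliance content in this image
# is only as trustworthy as that download. For an auditable image, pin a
# release and verify the archive against a checksum obtained out of band.
# The sha256sum call only records the digest in the build log for traceability.
RUN wget -O /usr/share/build_openscap/latest_scap_version.tar.gz \
        "$(cat /usr/share/build_openscap/latest_url.txt)" \
    && sha256sum /usr/share/build_openscap/latest_scap_version.tar.gz

# Unpack as root without taking over the owner IDs stored in the archive.
RUN tar -xvf /usr/share/build_openscap/latest_scap_version.tar.gz \
        -C /usr/share/build_openscap/latest_scap_version \
        --strip-components=1 \
        --no-same-owner
RUN cp /usr/share/build_openscap/latest_scap_version/ssg-*-ds.xml /usr/share/xml/scap/

# Set working directory for OpenSCAP execution (WORKDIR creates the folder;
# results.xml and report.html are written here)
WORKDIR /usr/share/run_openscap

# Default command when container starts.
# No USER is set, so the scan runs as root inside the container.
CMD ["oscap", "xccdf", "eval", "--profile", "xccdf_org.ssgproject.content_profile_stig", "--results", "results.xml", "--report", "report.html", "/usr/share/xml/scap/ssg-rhel9-ds.xml"]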