Summary


Setting up Aqua CSP SCAP scanning [1] via Aqua Image Assurance Policy [2] and SCAP.
Although you could potentially write your own SCAP module with OVAL [3] using various definitions, in this guide we will use the community provided repository [4] specifically RHEL 7 [5].



Environment


Aqua CSP, SCAP, OVAL.


n.b.The "SCAP" control is not supported in direct scanning mode [1].

 


 

Solution  


  1. Upload the rhel-7.oval.xml OVAL file for the compliancy checks.

    Policies > Assurance Policies > Manage Compliance Checks


  2. Create a new Assurance Policy and add the rhel-7.oval.xml OVAL file.

    Policies > Assurance Policies > Add Policy > Image Assurance


  3. Add the desired Scope to the policy. In this example the scope will target all the rhel7 images.


  4. Add the image to Aqua and let it scan.


Related information


[1] https://docs.aquasec.com/docs/aqua-scap-scanning

[2] https://docs.aquasec.com/docs/image-assurance-policies-basic-info

[3] https://ovalproject.github.io/getting-started/tutorial

[4] https://oval.cisecurity.org/repository

[5] https://www.redhat.com/security/data/oval/v2/