7 Scanning Offline File Systems
Use oscap-chroot to perform an offline scan of a file system that is mounted at a specified path.
You can use oscap-chroot for scanning custom objects that are not supported by oscap-podman, like containers that use an alternate format or for virtual machine disk files. The options for this tool are similar to the oscap command.
For example, to audit a file system mounted at
/mnt audit using an OVAL definitions file,
run:
sudo oscap-chroot /mnt oval eval --results /tmp/elsa-results-oval.xml \
--report elsa-report-oval.html com.oracle.elsa-2021.xml
See the oscap-chroot(8) manual page for
more information.