7 Scanning Offline File Systems

Use oscap-chroot to perform an offline scan of a file system that is mounted at a specified path.

You can use oscap-chroot to scan custom objects that oscap-podman does not support, such as containers that use an alternate format or virtual machine disk files. The options for this tool are similar to those of the oscap command.

For example, to audit a file system mounted at /mnt using an OVAL definitions file, run:

sudo oscap-chroot /mnt oval eval --results /tmp/elsa-results-oval.xml \
  --report elsa-report-oval.html com.oracle.elsa-2021.xml

See the oscap-chroot(8) manual page for more information.