Chapter 3. Scheduling a Scan of Container Images

To fully utilize OpenSCAP scanning in CloudForms for container image compliance, assign the built-in OpenSCAP policy profile to containers providers, then schedule an OpenSCAP compliance check on container images for the assigned providers.

3.1. Assigning the Built-In OpenSCAP Policy Profile to a Container Provider

The OpenSCAP policy profile included with Red Hat CloudForms is not automatically assigned. You still need to assign it to a containers provider.

  1. Navigate to ComputeContainersProviders, check the providers you need to assign the OpenSCAP policy profile to.
  2. Click image (Policy), and then click image (Manage Policies).
  3. From the Select Policy Profiles area, click on the triangle next to OpenSCAP profile to expand it and see its member policies.
  4. Select OpenSCAP profile. It turns blue to show its assignment state has changed.
  5. Click Save.

3.2. Scheduling an OpenSCAP Compliance Check for Container Images

Once you have assigned the built-in OpenSCAP policy profile to a container provider, you can schedule a compliance check against the policy profile.

  1. From the settings menu, select Configuration.
  2. Click the Settings accordion, and select Schedules.
  3. Click image (Configuration), image (Add a new Schedule).
  4. In the Adding a new Schedule area, enter a name and description for the schedule.
  5. Select Active to enable this scan.
  6. From the Action list, select Container Image Analysis.
  7. From the Filter list, select All Container Images for Containers Provider, a new list will appear. From this list, choose the provider where you enabled the OpenSCAP policy profile.
  8. From the Run list, select how often you want the analysis to run. Your options after that depend on which run option you choose.

    image

    • Select Once to run the analysis just one time.
    • Select Daily to run the analysis on a daily basis. You are prompted to select how many days you want between each analysis.
    • Select Hourly to run the analysis hourly. You are prompted to select how many hours you want between each analysis.
  9. Select the time zone for the schedule.
  10. Enter or select a date to begin the schedule in Starting Date.
  11. Select a starting time based on a 24-hour clock in the selected time zone.
  12. Click Add.