SCAP Security and Compliance Scanning of Docker Images in GitHub Actions and GitLab CI

SCAP scans are required in many cases, such as STIGs for US government work and PCI compliance for e-commerce. When not required, they're a great way to improve security hardening.

These scans report issues such as world-writable files, insecurely configured services, and more.

Performing SCAP scans has traditionally been a manual process involving obscure tools, complex output requiring security specialists to interpret, and non-repeatable techniques. However, I improved that process, making it automated and easy to understand.

I provide copy-and-paste …

actions cases commerce compliance cybersecurity docker e-commerce files github github actions gitlab government great hardening images pci performing report scanning scans security security and compliance security hardening services work world