No project description provided
Project description
Static STIG
Overview
This tool allows users to run OSCAP STIGs against a static image instead of waiting to do so at runtime. It will pull the image and determine its base distro and run a standard STIG profile against the image before outputting the results to a file on your local machine.
Requirements
Static STIG requires docker to run. Ensure that Docker is installed and your user is a part of the Docker group so the use of sudo isn't required to run docker commands. Additionally, ensure that your user owns the directory you are running Static STIG in.
How to Run
Run pip install -U static-stig
To run Static STIG, simply run package and give it the desired target image: static-stig -i registry_url/repo/image:tag
For exammple, to run a stig against the latest ubuntu image run static-stig -i docker.io/library/ubuntu:latest
To run a STIG against an image in a private repository, run the same command with the credential flags: static-stig -i registry_url/repo/image:tag -u username -p password -r registry_url
Future Features
- More compatibility with OSCAP XCCDF options
- Compatibility with more OSCAP Profiles
- Add a flag to allow specifying a profile
Known Shortcomings
- The DISA STIG list lags a few years behind releases of OS versions
- The STIG list used here isn't compatible with MacOS based images
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for static_stig-0.1.9-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | c7dc0cb866a252edb30b5e8a08658df557bce9e0cb124a74d84b2e5f97e44811 |
|
| MD5 | 876d15b7400c9b9ad0f5793d8aa3abf5 |
|
| BLAKE2b-256 | 2a1f10977f6af98012b1cb90fec591eb2c5cb42e4e24c9c3e1dc5a2ab74baef0 |
