apk add openscap
apk add openscap-docs
mkdir -p /usr/share/xml/scap/ssg/content/
Fetch the SCAP content from https://github.com/ComplianceAsCode/content/releases/latest/: download "security-guide.zip" and unpack it. It will expand to 1.5 GB.
Change into the directory the archive was extracted to.
mv -f * /usr/share/xml/scap/ssg/content/
Alternatively, OpenSCAP and the security guides can be built via https://github.com/ComplianceAsCode/content.git
oscap is the main tool and is used with "xccdf eval" to execute checks. Results are printed directly on the command line and can also be compiled into a human-readable report.
Example of how to scan a Red Hat Enterprise Linux 8 system:
oscap xccdf eval --fetch-remote-resources --profile xccdf_org.ssgproject.content_profile_ospp --results-arf results.xml --report report.html /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
This uses the "--fetch-remote-resources" parameter to pull any external sources and references ad hoc; it will not work on an air-gapped system.
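To triage the results.xml written by --results-arf without opening the HTML report, the rule results can be read straight from the XML. The script below is an added example, not part of the original instructions or of the OpenSCAP project; it assumes the results use the XCCDF 1.2 namespace, and the embedded sample and its rule ids are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Assumption: the results use the XCCDF 1.2 namespace.
XCCDF = "{http://checklists.nist.gov/xccdf/1.2}"
NEEDS_ATTENTION = ("fail", "error", "unknown")

# Constructed sample standing in for results.xml; the rule ids are made up.
SAMPLE = """<arf:asset-report-collection
    xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
    xmlns="http://checklists.nist.gov/xccdf/1.2">
 <arf:reports><arf:report id="xccdf1"><arf:content>
  <TestResult id="xccdf_org.open-scap_testresult_constructed">
   <rule-result idref="content_rule_constructed_a" severity="medium">
    <result>pass</result></rule-result>
   <rule-result idref="content_rule_constructed_b" severity="high">
    <result>fail</result></rule-result>
   <rule-result idref="content_rule_constructed_c" severity="low">
    <result>notapplicable</result></rule-result>
   <rule-result idref="content_rule_constructed_d" severity="medium">
    <result>fail</result></rule-result>
  </TestResult>
 </arf:content></arf:report></arf:reports>
</arf:asset-report-collection>"""


def summarize(xml_data):
    """Return (Counter of result values, sorted [(severity, rule id)] to review)."""
    root = ET.fromstring(xml_data)
    counts, review = Counter(), []
    for rule_result in root.iter(XCCDF + "rule-result"):
        result = (rule_result.findtext(XCCDF + "result") or "unknown").strip()
        counts[result] += 1
        if result in NEEDS_ATTENTION:
            review.append((rule_result.get("severity", "unknown"),
                           rule_result.get("idref")))
    return counts, sorted(review)


if __name__ == "__main__":
    # Pass the path to results.xml; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            data = handle.read()
    else:
        data = SAMPLE
    counts, review = summarize(data)
    print(dict(counts))
    for severity, rule in review:
        print(f"{severity:8} {rule}")
    sys.exit(1 if review else 0)
```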