oscap-docker is a container compliance and vulnerability assessment tool that integrates OpenSCAP scanning capabilities with Docker container environments. The tool provides functionality to assess both running containers and static container images for security vulnerabilities and compliance violations. It automatically detects the operating system variant and version of Docker images, downloads the appropriate CVE streams, and performs comprehensive vulnerability scans. Key capabilities include: - Vulnerability scanning of Docker images using OpenSCAP framework - Compliance auditing of container environments - Assessment of both active containers and cold images - Automatic OS detection and CVE stream matching - Integration with chroot environments for mounted Docker images - Support for custom OpenSCAP command execution within container contexts The tool operates by attaching to Docker images, mounting them in isolated environments, and running OpenSCAP security scanning procedures to identify potential vulnerabilities and compliance gaps in containerized applications.