To perform an offline scan of a mounted file system, use the oscap-chroot utility. You can use oscap-chroot for scanning custom objects that oscap-podman can't work with, such as containers that use a different format or virtual machine disk files. The options for this tool are similar to those of the oscap command.

For example, to audit a file system mounted at /mnt audit using an OVAL definitions file, run the following command:

sudo oscap-chroot /mnt oval eval --results /tmp/elsa-results-oval.xml \
  --report elsa-report-oval.html com.oracle.elsa-2024.xml

See the oscap-chroot(8) manual page for more information.