The openscap-scanner package needs to be present in the container or container image.
openscap-scanner contains the oscap command line tool. This tool is a configuration and vulnerability scanner, capable of performing compliance checking using SCAP content.