Red Hat Delivers Container Security Scanning with RHEL
Remarkable news is arriving out of Red Hat Summit this week. Microsoft chose the summit to announce the general availability of .NET Core and ASP.NET Core 1.0, and a related partnership with Red Hat that promises to meld .NET tools and infrastructure with Red Hat Linux. The .NET Foundation will be the steward of overall .NET development, and Red Hat has joined the foundation.
Meanwhile, Red Hat is aligning its whole enterprise product line around containers, and has introduced new container security components. At the summit, Red Hat discussed two ways of doing container security scanning from within its enterprise OS.
Container scanning tools are an emerging way of maintaining security when running containerized apps. Docker Security Scanning, found in Docker's cloud-based app delivery service, is one such solution.
Red Hat's new container capabilities come via the latest version of Red Hat Enterprise Linux Atomic Host, which serves as the container operating system for Red Hat OpenShift Container Platform. Expanding Red Hat’s existing collaboration with Black Duck Software, Black Duck Hub is now fully integrated and supported as a container scanner. Black Duck Hub provides deep container inspection (DCI) of many open source components used in the operating system user space, as well as applications and libraries that might be added to containers by developers. The scanner maps known open source security vulnerabilities and dynamically monitors container inventory, providing alerts on any new vulnerabilities affecting the code.
"By running natively on Atomic Host, Black Duck Hub delivers added confidence in the security profile of all container images and components from development to test to production, all at scale," claims Red Hat. The announcement adds:
"Additionally, Red Hat Enterprise Linux Atomic Host also includes a technology preview of the OpenSCAP scanner. The Open Security Content Automation Protocol (OpenSCAP) project provides an ecosystem of tools and policies to help assess, measure and enforce IT security measures; the OpenSCAP scanner, also integrated with Atomic Host, applies these same protocols to container content, helping to more quickly identify vulnerabilities for remediation."
Tim Yeaton, senior vice president of the Infrastructure Business Group at Red Hat, said: “Our customers want the agility of containers but cannot risk their mission-critical systems and applications on unknown content or unsupported containers - a key reason behind Red Hat’s focus on container security across our portfolio. While security is crucial to all industries, there is no ‘silver bullet’ for all of our customers’ needs, especially with the many varied deployment scenarios for Linux containers. We recognize this challenge, and the latest version of Red Hat Enterprise Linux Atomic Host, with its simplified scanner integration, gives enterprises the freedom to choose a container scanning technology that best meets their needs.”