Bug 1412944

Summary: [RFE] Vulnerability Scanning tooling for containers running within OpenShift
Product: OpenShift Container Platform Reporter: Vladislav Walek <vwalek>
Component: RFEAssignee: Alexey Gladkov <agladkov>
Status: CLOSED WONTFIX QA Contact: Xiaoli Tian <xtian>
Severity: low Docs Contact:
Priority: unspecified    
Version: 3.3.0CC: aos-bugs, bparees, jokerman, mchappel, mmccomas, swells
Target Milestone: ---   
Target Release: 3.8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-10-17 16:07:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 1 Mark Chappell 2017-01-13 08:05:10 UTC 
Description of problem:

We're offering a general purpose OpenShift instance for internal customers.

One of the problems with running such a service is that our users will almost certainly 'fire and forget', potentially leaving services open with known vulnerabilities.

It would be very useful to have some tooling built into the platform that allows us to scan running images for known security vulnerabilities, for example RPMs with known vulnerabilities.
Comment 5 Shawn Wells 2017-06-15 17:48:49 UTC 
This has been available for several years now.

http://cloudformsblog.redhat.com/2017/02/27/ensuring-container-image-security-on-openshift-with-red-hat-cloudforms/

and some slides:
https://www.slideshare.net/LucyHuhKerner/automating-security-compliance-for-physical-virtual-cloud-and-container-environments-with-red-hat-cloudforms-red-hat-satellite-red-hat-insights-and-ansible-tower-by-red-hat
Comment 6 Shawn Wells 2017-06-15 17:49:30 UTC 
and of course, atomic scan:

https://developers.redhat.com/blog/2016/05/02/introducing-atomic-scan-container-vulnerability-detection/