Description of problem: We're offering a general purpose OpenShift instance for internal customers. One of the problems with running such a service is that our users will almost certainly 'fire and forget', potentially leaving services open with known vulnerabilities. It would be very useful to have some tooling built into the platform that allows us to scan running images for known security vulnerabilities, for example RPMs with known vulnerabilities.
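The core of what this request asks for, comparing the RPMs found in a running image against a list of advisories with "first fixed" versions, is small enough to sketch. The block below is an added example and is not part of this bug report or of any Red Hat tooling (CloudForms, atomic scan or otherwise); the `rpm -qa` listing and the advisory table are constructed, the advisory identifiers are placeholders, and the version comparison is a simplified reimplementation of rpm's `rpmvercmp` that ignores tilde and caret segments.

```python
import re

# Constructed sample of `rpm -qa --qf '%{NAME}|%{EPOCH}|%{VERSION}|%{RELEASE}\n'`
# output, as it might be collected from a running container. Not real data.
SAMPLE_RPM_LISTING = """\
openssl|1|1.0.2k|12.el7
bash|(none)|4.2.46|31.el7
glibc|(none)|2.17|196.el7
curl|(none)|7.29.0|42.el7
"""

# Hypothetical advisory table: package -> (advisory id placeholder, first fixed EVR).
# Values are made up for illustration; a real scanner would load these from the
# vendor's OVAL/CVE feed.
SAMPLE_ADVISORIES = {
    "openssl": ("ADVISORY-PLACEHOLDER-1", "1:1.0.2k-16.el7"),
    "glibc": ("ADVISORY-PLACEHOLDER-2", "0:2.17-196.el7"),
    "curl": ("ADVISORY-PLACEHOLDER-3", "0:7.29.0-42.el7_4.1"),
}

# A version string is compared segment by segment: runs of digits numerically,
# runs of letters lexically, everything else is a separator.
_SEG = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a, b):
    """Simplified rpm version comparison: -1, 0 or 1 (no tilde/caret handling)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif xd != yd:
            return 1 if xd else -1  # a numeric segment sorts after an alpha one
        elif x != y:
            return -1 if x < y else 1
    # All shared segments equal: the string with more segments is newer.
    if len(sa) != len(sb):
        return -1 if len(sa) < len(sb) else 1
    return 0


def split_evr(evr):
    """Split 'epoch:version-release' into its parts; epoch defaults to 0."""
    epoch, rest = evr.split(":", 1) if ":" in evr else ("0", evr)
    version, release = rest.split("-", 1) if "-" in rest else (rest, "")
    return int(epoch), version, release


def evr_cmp(a, b):
    """Compare two EVR strings the way rpm orders them: epoch, version, release."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return -1 if ea < eb else 1
    c = rpmvercmp(va, vb)
    if c:
        return c
    return rpmvercmp(ra, rb)


def parse_rpm_listing(text):
    """Turn the pipe-separated rpm listing into {name: 'epoch:version-release'}."""
    pkgs = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, epoch, version, release = line.split("|")
        epoch = "0" if epoch == "(none)" else epoch
        pkgs[name] = f"{epoch}:{version}-{release}"
    return pkgs


def find_vulnerable(installed, advisories):
    """Return (name, installed EVR, advisory, fixed EVR) for every package older than its fix."""
    findings = []
    for name, (adv, fixed) in sorted(advisories.items()):
        if name in installed and evr_cmp(installed[name], fixed) < 0:
            findings.append((name, installed[name], adv, fixed))
    return findings


if __name__ == "__main__":
    for name, have, adv, fixed in find_vulnerable(parse_rpm_listing(SAMPLE_RPM_LISTING), SAMPLE_ADVISORIES):
        print(f"{name}: installed {have}, {adv} fixed in {fixed}")
```

Run against the constructed data this flags openssl (release 12 is older than the fix's 16) and curl (the fix carries an extra `_4.1` release suffix, so the installed release sorts before it), while glibc, already at the fixed EVR, and bash, with no advisory, are left alone. The part worth keeping from this sketch is the EVR ordering: a naive string comparison gets the curl case and any epoch bump wrong, which is exactly where a home-grown scanner under-reports.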
This has been available for several years now. http://cloudformsblog.redhat.com/2017/02/27/ensuring-container-image-security-on-openshift-with-red-hat-cloudforms/ and some slides: https://www.slideshare.net/LucyHuhKerner/automating-security-compliance-for-physical-virtual-cloud-and-container-environments-with-red-hat-cloudforms-red-hat-satellite-red-hat-insights-and-ansible-tower-by-red-hat
And of course, atomic scan: https://developers.redhat.com/blog/2016/05/02/introducing-atomic-scan-container-vulnerability-detection/