Bug 1412944 - [RFE] Vulnerability Scanning tooling for containers running within OpenShift
Summary: [RFE] Vulnerability Scanning tooling for containers running within OpenShift
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE
Version: 3.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
: 3.8.0
Assignee: Alexey Gladkov
QA Contact: Xiaoli Tian
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-13 07:59 UTC by Vladislav Walek
Modified: 2020-08-13 08:48 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-10-17 16:07:06 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Comment 1 Mark Chappell 2017-01-13 08:05:10 UTC 
Description of problem:

We're offering a general purpose OpenShift instance for internal customers.

One of the problems with running such a service is that our users will almost certainly 'fire and forget', potentially leaving services open with known vulnerabilities.

It would be very useful to have some tooling built into the platform that allows us to scan running images for known security vulnerabilities, for example RPMs with known vulnerabilities.
Comment 5 Shawn Wells 2017-06-15 17:48:49 UTC 
This has been available for several years now.

http://cloudformsblog.redhat.com/2017/02/27/ensuring-container-image-security-on-openshift-with-red-hat-cloudforms/

and some slides:
https://www.slideshare.net/LucyHuhKerner/automating-security-compliance-for-physical-virtual-cloud-and-container-environments-with-red-hat-cloudforms-red-hat-satellite-red-hat-insights-and-ansible-tower-by-red-hat
Comment 6 Shawn Wells 2017-06-15 17:49:30 UTC 
and of course, atomic scan:

https://developers.redhat.com/blog/2016/05/02/introducing-atomic-scan-container-vulnerability-detection/
Note You need to log in before you can comment on or make changes to this bug.