// Module included in the following assemblies:
//
// * security/container_security/security-container-content.adoc

[id="security-container-content-inside_{context}"]
= Securing inside the container

Applications and infrastructures are composed of readily available components,
many of which are open source packages such as, the Linux operating system,
JBoss Web Server, PostgreSQL, and Node.js.

Containerized versions of these packages are also available. However, you need
to know where the packages originally came from, what versions are used, who built them, and whether
there is any malicious code inside them.

Some questions to answer include:

* Will what is inside the containers compromise your infrastructure?
* Are there known vulnerabilities in the application layer?
* Are the runtime and operating system layers current?

By building your containers from Red Hat
link:https://access.redhat.com/articles/4238681[Universal Base Images] (UBI) you are
assured of a foundation for your container images that consists of
the same RPM-packaged software that is included in Red Hat Enterprise Linux.
No subscriptions are required to either use or redistribute UBI images.

To assure ongoing security of the containers themselves, security
scanning features, used directly from {op-system-base} or added to {product-title},
can alert you when
an image you are using has vulnerabilities. OpenSCAP image scanning is
available in {op-system-base} and the
link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/manage_red_hat_quay/index#container-security-operator-setup[Container Security Operator] can be added
to check container images used in {product-title}.