mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
38 lines
1.4 KiB
Plaintext
38 lines
1.4 KiB
Plaintext
:_mod-docs-content-type: ASSEMBLY
|
|
[id="pod-vulnerability-scan"]
|
|
= Scanning pods for vulnerabilities
|
|
include::_attributes/common-attributes.adoc[]
|
|
:context: pod-vulnerability-scan
|
|
|
|
toc::[]
|
|
|
|
[IMPORTANT]
|
|
====
|
|
The {rhq-cso} has been deprecated and is planned for removal in a future release of {product-title}. The official replacement product of the {rhq-cso} is Red{nbsp}Hat Advanced Cluster Security for Kubernetes.
|
|
====
|
|
|
|
Using the {rhq-cso}, you can access vulnerability
|
|
scan results from the {product-title} web console for container images
|
|
used in active pods on the cluster. The {rhq-cso}:
|
|
|
|
* Watches containers associated with pods on all or specified namespaces
|
|
* Queries the container registry where the containers came from for
|
|
vulnerability information, provided an image's registry is running image
|
|
scanning (such as
|
|
link:https://quay.io[Quay.io] or a
|
|
link:https://access.redhat.com/products/red-hat-quay[{quay}] registry with Clair scanning)
|
|
* Exposes vulnerabilities via the `ImageManifestVuln` object in the Kubernetes API
|
|
|
|
Using the instructions here, the {rhq-cso} is installed in the `openshift-operators`
|
|
namespace, so it is available to all namespaces on your {product-title} cluster.
|
|
|
|
//
|
|
include::modules/security-pod-scan-cso.adoc[leveloffset=+1]
|
|
|
|
include::modules/security-pod-scan-cso-using.adoc[leveloffset=+1]
|
|
|
|
//
|
|
include::modules/security-pod-scan-query-cli.adoc[leveloffset=+1]
|
|
|
|
include::modules/removing-cso-operator.adoc[leveloffset=+1]
|