mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
29 lines
1.3 KiB
Plaintext
29 lines
1.3 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * security/container_security/security-registries.adoc
|
|
|
|
[id="security-registries-immutable_{context}"]
|
|
= Immutable and certified containers
|
|
|
|
Consuming security updates is particularly important when managing _immutable
|
|
containers_. Immutable containers are containers that will never be changed
|
|
while running. When you deploy immutable containers, you do not step into the
|
|
running container to replace one or more binaries. From an operational
|
|
standpoint, you rebuild and redeploy an updated container image
|
|
to replace a container instead of changing it.
|
|
|
|
Red Hat certified images are:
|
|
|
|
* Free of known vulnerabilities in the platform components or layers
|
|
* Compatible across the {op-system-base} platforms, from bare metal to cloud
|
|
* Supported by Red Hat
|
|
|
|
The list of known vulnerabilities is constantly evolving, so you must track the
|
|
contents of your deployed container images, as well as newly downloaded images,
|
|
over time. You can use
|
|
link:https://access.redhat.com/security/security-updates/#/security-advisories[Red Hat Security Advisories (RHSAs)]
|
|
to alert you to any newly discovered issues in
|
|
Red Hat certified container images, and direct you to the updated image.
|
|
Alternatively, you can go to the Red Hat Ecosystem Catalog
|
|
to look up that and other security-related issues for each Red Hat image.
|