mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
42 lines
2.3 KiB
Plaintext
42 lines
2.3 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * security/container_security/security-registries.adoc
|
|
|
|
[id="security-registries-ecosystem_{context}"]
|
|
= Getting containers from Red Hat Registry and Ecosystem Catalog
|
|
|
|
Red Hat lists certified container images for Red Hat products and partner offerings from the
|
|
link:https://catalog.redhat.com/software/containers/explore[Container Images]
|
|
section of the Red Hat Ecosystem Catalog. From that catalog,
|
|
you can see details of each image, including CVE, software packages listings, and health
|
|
scores.
|
|
|
|
Red Hat images are actually stored in what is referred to as the _Red Hat Registry_,
|
|
which is represented by a public container registry (`registry.access.redhat.com`)
|
|
and an authenticated registry (`registry.redhat.io`).
|
|
Both include basically the same set of container images, with
|
|
`registry.redhat.io` including some additional images that require authentication
|
|
with Red Hat subscription credentials.
|
|
|
|
Container content is monitored for vulnerabilities by Red Hat and updated
|
|
regularly. When Red Hat releases security updates, such as fixes to _glibc_,
|
|
link:https://access.redhat.com/security/vulnerabilities/drown[DROWN], or
|
|
link:https://access.redhat.com/blogs/766093/posts/2757141[Dirty Cow],
|
|
any affected container images are also rebuilt and pushed
|
|
to the Red Hat Registry.
|
|
|
|
Red Hat uses a `health index` to reflect the security risk for each container provided through
|
|
the Red Hat Ecosystem Catalog. Because containers consume software provided by Red
|
|
Hat and the errata process, old, stale containers are insecure whereas new,
|
|
fresh containers are more secure.
|
|
|
|
To illustrate the age of containers, the Red Hat Container Catalog uses a
|
|
grading system. A freshness grade is a measure of the oldest and most severe
|
|
security errata available for an image. "A" is more up to date than "F". See
|
|
link:https://access.redhat.com/articles/2803031[Container Health Index grades as used inside the Red Hat Container Catalog] for more details on this grading system.
|
|
|
|
Refer to the link:https://access.redhat.com/security/[Red Hat Product Security Center]
|
|
for details on security updates and vulnerabilities related to Red Hat software.
|
|
Check out link:https://access.redhat.com/security/security-updates/#/security-advisories[Red Hat Security Advisories]
|
|
to search for specific advisories and CVEs.
|