mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 21:46:22 +01:00
35 lines
1.6 KiB
Plaintext
35 lines
1.6 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * security/container_security/security-container-content.adoc
|
|
|
|
[id="security-container-content-inside_{context}"]
|
|
= Securing inside the container
|
|
|
|
Applications and infrastructures are composed of readily available components,
|
|
many of which are open source packages such as, the Linux operating system,
|
|
JBoss Web Server, PostgreSQL, and Node.js.
|
|
|
|
Containerized versions of these packages are also available. However, you need
|
|
to know where the packages originally came from, what versions are used, who built them, and whether
|
|
there is any malicious code inside them.
|
|
|
|
Some questions to answer include:
|
|
|
|
* Will what is inside the containers compromise your infrastructure?
|
|
* Are there known vulnerabilities in the application layer?
|
|
* Are the runtime and operating system layers current?
|
|
|
|
By building your containers from Red Hat
|
|
link:https://access.redhat.com/articles/4238681[Universal Base Images] (UBI) you are
|
|
assured of a foundation for your container images that consists of
|
|
the same RPM-packaged software that is included in Red Hat Enterprise Linux.
|
|
No subscriptions are required to either use or redistribute UBI images.
|
|
|
|
To assure ongoing security of the containers themselves, security
|
|
scanning features, used directly from {op-system-base} or added to {product-title},
|
|
can alert you when
|
|
an image you are using has vulnerabilities. OpenSCAP image scanning is
|
|
available in {op-system-base} and the
|
|
link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/red_hat_quay_operator_features/container-security-operator-setup[{rhq-cso}] can be added
|
|
to check container images used in {product-title}.
|