mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-06 06:46:26 +01:00
openshift-docs/modules/security-container-content-scanning.adoc
2020-07-07 03:49:55 +00:00

// Module included in the following assemblies:
//
// * security/container_security/security-container-content.adoc

[id="security-container-content-scanning_{context}"]
= Security scanning in {op-system-base}

For {op-system-base-full} systems, OpenSCAP scanning is available
from the `openscap-utils` package. In {op-system-base}, you can use the `oscap-podman`
command to scan images for vulnerabilities. See
link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/security_hardening/index#scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening[Scanning containers and container images for vulnerabilities] in the Red Hat Enterprise Linux documentation.

{product-title} enables you to leverage {op-system-base} scanners with your CI/CD process.
For example, you can integrate static code analysis tools that test for security
flaws in your source code and software composition analysis tools that identify
open source libraries in order to provide metadata on those libraries such as
known vulnerabilities.
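
The following sketch shows one way to turn an `oscap-podman` OVAL scan into a pass/fail gate for a CI/CD stage. It is an added example, not part of the Red Hat documentation. The function names, the registry and file names in the comments, and the sample output (constructed in the `Definition <id>: true|false` form that `oscap oval eval` prints) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: gate a CI/CD stage on the result of an OpenSCAP OVAL scan.
# Function names and sample data are illustrative assumptions.

# Run the scan. oscap-podman needs root and a locally pulled image.
# $1 = image name or ID, $2 = OVAL definitions file fetched by the pipeline.
scan_image() {
    oscap-podman "$1" oval eval "$2"
}

# Read `oscap oval eval` output on stdin and print the IDs of the
# definitions that evaluated to "true" (the image matches that advisory).
failed_definitions() {
    awk '$1 == "Definition" && $NF == "true" { sub(/:$/, "", $2); print $2 }'
}

# Return 0 when no definition matched, 1 otherwise; list matches on stderr.
gate() {
    hits="$(failed_definitions)"
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | sed 's/^/vulnerable definition: /' >&2
        return 1
    fi
    return 0
}

# Constructed sample output (IDs are placeholders, not real advisories).
SAMPLE_OUTPUT='Definition oval:example:def:1001: false
Definition oval:example:def:1002: true
Definition oval:example:def:1003: false
Evaluation done.'

# Demo on the constructed sample: prints the one matching definition ID.
printf '%s\n' "$SAMPLE_OUTPUT" | failed_definitions

# Pipeline usage (not executed here). With bash, enable `set -o pipefail`
# so that a scanner error also fails the stage:
#   scan_image registry.example.com/app:latest rhel-8.oval.xml | gate
```
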

[id="quay-security-scan_{context}"]
== Scanning OpenShift images

For the container images that are running in {product-title}
and are pulled from Red Hat Quay registries, you can use an Operator to list the
vulnerabilities of those images. The
link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/manage_red_hat_quay/index#container-security-operator-setup[Container Security Operator]
can be added to {product-title} to provide vulnerability reporting
for images added to selected namespaces.

Container image scanning for Red Hat Quay is performed by the
link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/manage_red_hat_quay/index#quay-security-scanner[Clair security scanner].
In Red Hat Quay, Clair can search for and report vulnerabilities in
images built from {op-system-base}, CentOS, Oracle, Alpine, Debian, and Ubuntu
operating system software.