The Red Hat Advanced Cluster Security (RHACS) engineering team is excited to announce the pending release of the latest RHACS version, packed with brand-new features and updates. The team continues to build on the 4.0 major release and RHACS Cloud Service announcements last year with a feature-packed release to kick off 2024. The RHACS 4.4 release will focus on increased consistency of scan results, strengthened security posture management, and more automated security features to alleviate monotonous security tasks.
Significant updates include:
- A new vulnerability scanner termed “Scanner V4” (tech preview) utilizing upstream ClairCore, enabling consistent and more comprehensive vulnerability updates
- Compliance capabilities released in tech preview, with more to come in future releases
- CO-RE BPF becomes the default collection method for RHACS
- Cluster discovery by using cloud source integrations
- Bring your own database for Central database
- Build-time network policy tools
- Release life cycles have been extended to include Full and Maintenance Support phases. This change extends the life cycle of each ACS release to 10 months, up from the previous six-month life cycle
- RHACS support matrix outlines details on RHACS compatibility with OpenShift releases and supportability
Also make sure to check out the many RHACS platform updates, such as:
- Init-bundle graphical user interface improvements
- Support for RHACS on ROSA-hosted control plane
- Short-lived API tokens for Central
- Authenticating AWS and GCP integrations by using short-lived tokens (Tech Preview)
- Operator life cycle updates
- Enhanced policy management roxctl deployment check command
As always, you can find more information about the release in the RHACS documentation and release notes, and you can explore the newest version of RHACS through the 60-day, no-cost trial of RHACS Cloud Service.
Introducing the unified ‘Vulnerability Scanner V4’ (tech preview)
We're thrilled to unveil the latest RHACS vulnerability management workflow update with the all-new RHACS ‘Scanner V4,’ available in tech preview. This release marks a significant milestone as we integrate the finest features from the existing StackRox Scanner and the upstream Clair V4 Scanner from Red Hat Quay. Here's what you can expect from the new Scanner V4:
Consistent and accurate scanning: Reliable vulnerability scan results across the entire Red Hat product ecosystem, including RHACS and Red Hat Quay.
Expanded language and operating system support: We've listened to your feedback and expanded our support to include Golang in language vulnerability scanning. Additionally, we're proud to include Oracle Linux, SUSE Linux Enterprise, and Photon OS in our operating system scanning capabilities.
Comprehensive vulnerability database source: We've adopted OSV.dev as the primary source for all supported programming language packages to help deliver the most up-to-date vulnerability information.
It is important to note that all RHACS upgrades and new installations will use the StackRox Scanner by default. Still, you will now have the option to choose the new Vulnerability Scanner V4 instead of the default StackRox Scanner, which offers additional compatibility benefits and an extended scope.
For more information about enabling the RHACS Scanner V4, see:
- “Scanner settings” in Installing RHACS on Red Hat OpenShift.
- “Scanner V4” in Installing RHACS on other platforms.
RHACS new compliance capabilities (Technology preview)
The RHACS team is excited to announce the Compliance (2.0) launch as a Technology Preview feature in RHACS 4.4! As part of a larger compliance workflow initiative, RHACS users will have access to the latest updates and be able to give feedback about features they wish to see in the product.
With Compliance (2.0) in RHACS 4.4, users can expect the following:
- A more seamless integration of Compliance Operator and RHACS for a unified experience. Configuration, scheduling, and execution of infrastructure scans directly from the RHACS interface.
- Convenient access to OpenShift compliance operator scan results within RHACS for easy review and analysis.
We anticipate future releases to bring even more powerful capabilities, including:
- Remediation of deficiencies and exporting scan results directly from the RHACS dashboard.
- Creation of custom profiles tailored to specific compliance requirements.
- Support for workload compliance, driving more comprehensive coverage across your environment.
For further details on the support scope of Red Hat Technology Preview features, please refer to the Technology Preview Features Support Scope documentation.
CO-RE BPF becomes the default collection method for RHACS
Starting with RHACS 4.4, the default runtime collection method is powered by eBPF CO-RE (Compile Once, Run Everywhere), offering compatibility across different kernel versions and providing smoother upgrades. This collection method was introduced in the RHACS 4.0 release, and unless explicitly configured otherwise, your cluster will seamlessly transition upon upgrading.
Discover more about the requirements for the CO-RE BPF collector in the RHACS documentation.
Discover unprotected clusters with Paladin Cloud integration
A standout feature of RHACS 4.4 is ease of integration with Red Hat OpenShift Cluster Manager and Paladin Cloud, enabling you to uncover new clusters that lack protection within your environment. With this integration, RHACS now offers a comprehensive list of clusters across your OpenShift environment and major cloud platforms, including Amazon Elastic Kubernetes Service (Amazon EKS), Google Kubernetes Engine (Google GKE), and Microsoft Azure Kubernetes Service (Microsoft AKS). Learn more about the tight integration of RHACS Cloud Service and Paladin Cloud in this joint blog post.
Bring your own PostgreSQL database
We are pleased to announce that users can utilize their own PostgreSQL-compatible database for the RHACS Central database in this release. This option offers the flexibility to deploy PostgreSQL within or outside the cluster. Whether deployed on bare metal, virtual machines, or as a cloud-hosted service, users can customize their deployment to suit their specific requirements.
Please refer to the RHACS Support Matrix for further details regarding supported platforms.
Build-time network policy tools
Creating network policies can be complicated and time-consuming, and our customers want an easier way to enforce zero-trust networking across their clusters. Build-time network policy tools aim to create an automated approach to network policy creation that is as close to the developer as possible, saving time for everyone involved in the DevSecOps pipeline.
Build-time network policy tools enable users to generate network policies locally or as a part of a build-deploy pipeline. This automation enables zero-trust networking by explicitly defining the network traffic in your Kubernetes clusters, and we are excited to announce its general availability!
Try out RHACS today!
Interested in checking out these features and more? Try out the latest release of RHACS in our 60-day, no-cost trial of RHACS Cloud Service today!