Security partners

Modernize your life cycle and reduce risk with DevSecOps

Our certified ecosystem and framework help you adopt DevSecOps with confidence

The rapid pace of digital transformation has led to hastily glued-together DevSecOps tools and processes instead of a single, cohesive, and efficient system.

Red Hat works closely with our security ecosystem partners to weave together the technologies you need to build a comprehensive DevSecOps solution. A properly woven-together system will improve efficiency and performance of your application and container life cycle, while reducing risk and helping you make the most of your Red Hat® investments.

Watch the video: Securing the pipeline with DevSecOps and OpenShift Container Platform

Solution overview

Address security challenges across the entire application and platform life cycle with our certified partners

Red Hat platforms create a foundation for DevSecOps, while our partners integrate and automate security tools and methods into the entire application life cycle. Red Hat is uniquely positioned to bring you a comprehensive DevSecOps solution because of our open source mission, expertise in an open hybrid cloud, and extensive partner ecosystem. Red Hat OpenShift® and Red Hat Ansible® Automation Platform, together with partner technologies, help you address security challenges across your container application life cycle, including development, deployment, and runtime.

Red Hat’s view is that securing a container life cycle with DevSecOps methods requires change across three areas: culture, process, and technology.

  • Culture means fostering a culture of collaboration between developers, operations, and security teams, along with helping all of them understand why and how security should be involved in the entire DevOps life cycle.
  • Process refers to applying workflow standardization, documentation, and automation in agreed-upon processes to improve efficiency and security throughout the life cycle.
  • Technology requires integrating the platforms, tools, and processes you're using for application development, deployment, and operations into a single cohesive system called DevSecOps.

Weaving these together to complement and support each other is critical. Security should be woven throughout, and made as transparent and automatic as possible.

Transform your business with DevSecOps

  • Certified technology
  • Collaborative culture
  • Integrated processes
  • Security ecosystem

Security use cases

The Red Hat security framework and ecosystem

Red Hat works closely with our strategic partners to certify integrations with Red Hat OpenShift and Red Hat Ansible Automation Platform. This gives us a holistic view of the DevSecOps life cycle and helps us create a taxonomy of security capabilities so you can more easily consume DevSecOps solutions.

The Red Hat DevSecOps framework identifies nine security categories and 34 technologies that address the entire application life cycle. The framework places Red Hat built-in capabilities, DevOps toolchains, and security partner solutions at key integration points in the pipeline. You can implement some or all of the methods and technologies within a category, depending on the scope of your DevOps environment and your specific requirements.

Security use cases

Red Hat and our partners work together, giving you access to the expertise you need to weave security and automation throughout the entire application life cycle. Working together, we can help you craft a complete solution that makes security mostly automatic and nearly transparent to development and operations staff. Areas of expertise include:

Platform security

Most Red Hat security features are enabled by default to help simplify deployment and minimize risk. These features help you protect containers at their boundaries and protect the host from container escapes. Platform security methods include:

  • Host
  • Container platform
  • Namespace
  • Isolation
  • Kubernetes and container hardening

Vulnerability and configuration management

Improve, identify, classify, and resolve application, configuration, and container image security defects. These methods help incorporate security into the DevSecOps life cycle early, which saves time and money. Vulnerability and configuration management methods include:

  • Static application security testing (SAST)
  • Static code analysis (SCA)
  • Interactive application security testing (IAST)
  • Dynamic application security testing (DAST)
  • Configuration management
  • Image risk

Identity and access management

Identity and access management (IAM) methods control access to on-premises and cloud assets, applications, and data based on user or application identity and administratively defined policies. IAM methods are found in every stage of the DevSecOps life cycle and can help protect against unauthorized system access and lateral movement. IAM methods include:

  • Authentication
  • Authorization
  • Secrets vault
  • Hardware security modules (HSM)
  • Provenance

Compliance and governance

Compliance methods and technologies help you adhere to industry and government regulations and corporate policies. These capabilities support automated compliance validation and reporting throughout the DevSecOps pipeline, helping you simplify audits and avoid costly regulatory fines and lawsuits. Compliance methods include:

  • Regulatory compliance auditing
  • Compliance controls and remediation

Network controls

Network controls and segmentation methods allow you to control, segregate, and visualize Kubernetes traffic. These methods help you isolate tenants and secure communications flows between containerized applications and microservices. Network controls and segmentation methods include:

  • Container network interface (CNI) plug-ins
  • Network policies
  • Traffic control
  • Service mesh
  • Visualization
  • Package analysis
  • Application programming interface (API) management

Runtime analysis and protection

Production runtime methods help maintain cluster hygiene by identifying and mitigating suspicious and malicious activity in real time. Runtime analysis and protection methods include:

  • Admission controller
  • Application behavior analysis
  • Threat defense

Data controls

Data control methods and technologies help protect data integrity and prevent unauthorized data disclosure. These tools protect data at rest and data in motion, helping you safeguard intellectual property and confidential customer information. Data controls include:

  • Data protection and encryption

Logging and monitoring

Logging and monitoring methods provide information about security incidents in your production environment. These methods describe when the event occurred and provide probable cause and impact information, helping you improve visibility and accelerate incident response. Logging and monitoring methods include:

  • Cluster monitoring
  • Security information and event management (SIEM)
  • Forensics

Remediation

Remediation methods automatically take corrective actions when security incidents occur in production. They help you improve uptime and avoid data loss. Remediation methods include:

  • Security orchestration, automation, and response (SOAR) platforms
  • Automatic resolution

Security partners

Vulnerability

Palo Alto Networks

Red Hat and Palo Alto Networks help you protect your environment with cloud-native security and compliance throughout the entire development life cycle. Prisma Cloud by Palo Alto Networks works with Red Hat OpenShift to deliver comprehensive cloud security posture management (CSPM) and cloud workload protection (CWP) for your deployments.

Synopsys

Red Hat and Synopsys help you create high-quality, security-focused code to minimize risks while maximizing speed and productivity. Synopsys Black Duck for OpenShift automatically discovers, scans, monitors, and inspects all container images in your Red Hat OpenShift clusters to identify open source security and compliance risks at any phase of container construction.

Aqua Security

Red Hat and Aqua Security help you manage and scale your cloud-native workloads while reducing risk across on-site, hybrid, and cloud infrastructure. The Aqua Cloud Native Security Platform integrates with Red Hat OpenShift to provide risk-based vulnerability management, detailed runtime protection, and comprehensive infrastructure assurance and compliance. 

Sysdig

Red Hat and Sysdig help enterprises rapidly adopt cloud-native approaches. Sysdig Secure DevOps Platform, Sysdig Secure, and Sysdig Monitor work with Red Hat OpenShift and Red Hat Advanced Cluster Management for Kubernetes to deliver unified security, compliance, and monitoring for private, hybrid, and multicloud environments.

Anchore

Red Hat and Anchore partner to provide security and compliance enforcement for Red Hat container deployments. Anchore Enterprise embeds continuous security and compliance checks in every step of your software development process, enabling quicker, easier, and lower-cost remediation for Red Hat technologies.

NeuVector

Container-based environments, operating at highly automated scale, leave DevOps and security teams blind to attacks in east-west traffic and with zero network visibility. NeuVector delivers protection without compromise, from Dev to production, with automated security for Kubernetes and OpenShift and the only container firewall with packet-level interrogation and enforcement.

Snyk

Empower developers to easily find and fix vulnerabilities in containers and Kubernetes applications, including Red Hat OpenShift. Snyk Open Source automatically finds, prioritizes, and fixes vulnerabilities in open source dependencies. Snyk Code is a Static Application Security Testing (SAST) tool re-imagined for the developer.

Compliance

Aqua Security

Red Hat and Aqua Security help you manage and scale your cloud-native workloads more securely across on-site, hybrid, and cloud infrastructure. The Aqua Cloud Native Security Platform integrates with Red Hat OpenShift to provide risk-based vulnerability management, detailed runtime protection, and comprehensive infrastructure assurance and compliance.

Synopsys

Red Hat and Synopsys help you create high-quality, security-focused code to minimize risks while maximizing speed and productivity. Synopsys Black Duck for OpenShift automatically discovers, scans, monitors, and inspects all container images in your Red Hat OpenShift clusters to identify open source security and compliance risks at any phase of container construction.

Sysdig

Red Hat and Sysdig help enterprises rapidly adopt cloud-native approaches. Sysdig Secure DevOps Platform, Sysdig Secure, and Sysdig Monitor work with Red Hat OpenShift and Red Hat Advanced Cluster Management for Kubernetes to deliver unified security, compliance, and monitoring for private, hybrid, and multicloud environments.

Palo Alto Networks

Red Hat and Palo Alto Networks help you protect your environment with cloud-native security and compliance throughout the entire development life cycle. Prisma Cloud by Palo Alto Networks works with Red Hat OpenShift to deliver comprehensive cloud security posture management (CSPM) and cloud workload protection (CWP) for your deployments.

Anchore

Red Hat and Anchore partner to provide security and compliance enforcement for Red Hat container deployments. Anchore Enterprise embeds continuous security and compliance checks in every step of your software development process, enabling quicker, easier, and lower-cost remediation for Red Hat technologies.

NeuVector

Container-based environments, operating at highly automated scale, leave DevOps and security teams blind to attacks in east-west traffic and with zero network visibility. NeuVector delivers protection without compromise, from Dev to production, with automated security for Kubernetes and OpenShift and the only container firewall with packet-level interrogation and enforcement.

Tigera

Tigera and Red Hat have partnered to deliver an integrated security and observability solution for Kubernetes networking and microservices. The solution empowers developers to innovate and ship faster with the leading hybrid and multicloud container platform, while providing fine-grained security and compliance controls to protect Kubernetes workloads.

Identity

CyberArk

Red Hat and CyberArk help you improve the security of your container environments and automation scripts. Enterprise-wide privileged access security policies provide visibility, auditing, enforcement, and secrets management to mitigate business risks. CyberArk DevSecOps products—including Conjur Secrets Manager and Credential Providers—integrate with Red Hat OpenShift and Red Hat Ansible Automation Platform to protect, rotate, monitor, and manage privileged credentials for people, applications, scripts, and other non-human identities using a centralized platform.

IBM

Uncover hidden threats, make more informed risk-based decisions, and respond faster to cyber threats with an open, integrated cybersecurity platform built on Red Hat OpenShift for hybrid, multicloud deployment. Connect to your existing data sources to generate deeper insights into threats. Securely access IBM and third-party tools to search for threats across any cloud or on-premises location. Quickly orchestrate actions and responses to those threats—all while leaving your data where it is.

Thales

The OpenShift integration with Thales Luna HSMs ensures containerized applications can benefit from HSM protection of the entire key life cycle, accelerate cryptographic operations, and benefit from FIPS 140-2 Level 3 security in accordance with industry and government regulations.

Data

IBM

Uncover hidden threats, make more informed risk-based decisions, and respond faster to cyber threats with an open, integrated cybersecurity platform built on Red Hat OpenShift for hybrid, multicloud deployment. Connect to your existing data sources to generate deeper insights into threats. Securely access IBM and third-party tools to search for threats across any cloud or on-premises location. Quickly orchestrate actions and responses to those threats—all while leaving your data where it is.

Zettaset

Red Hat and Zettaset help you protect data across any on-premises, cloud, or hybrid deployment to prevent data theft without slowing down your DevSecOps process. XCrypt Kubernetes Encryption for OpenShift and Zettaset Centralized Management Console provide unified encryption management for multiple clusters.

Thales

The OpenShift integration with Thales Luna HSMs ensures containerized applications can benefit from HSM protection of the entire key life cycle, accelerate cryptographic operations, and benefit from FIPS 140-2 Level 3 security in accordance with industry and government regulations.

Runtime

Aqua Security

Red Hat and Aqua Security help you manage and scale your cloud-native workloads more securely across on-site, hybrid, and cloud infrastructure. The Aqua Cloud Native Security Platform integrates with Red Hat OpenShift to provide risk-based vulnerability management, detailed runtime protection, and comprehensive infrastructure assurance and compliance.

Sysdig

Red Hat and Sysdig help enterprises rapidly adopt cloud-native approaches. Sysdig Secure DevOps Platform, Sysdig Secure, and Sysdig Monitor work with Red Hat OpenShift and Red Hat Advanced Cluster Management for Kubernetes to deliver unified security, compliance, and monitoring for private, hybrid, and multicloud environments.

Palo Alto Networks

Red Hat and Palo Alto Networks help you protect your environment with cloud-native security and compliance throughout the entire development life cycle. Prisma Cloud by Palo Alto Networks works with Red Hat OpenShift to deliver comprehensive cloud security posture management (CSPM) and cloud workload protection (CWP) for your deployments.

NeuVector

Container-based environments, operating at highly automated scale, leave DevOps and security teams blind to attacks in east-west traffic and with zero network visibility. NeuVector delivers protection without compromise, from Dev to production, with automated security for Kubernetes and OpenShift and the only container firewall with packet-level interrogation and enforcement.

Monitoring

Splunk

Splunk provides security event detection and correlation back to the DevSecOps life cycle and tools. When a security event happens in production on an application, Splunk can correlate that event back to the application, developer, team, and tools used to build that application, shortening the time to remediate that security event.

Sysdig

Red Hat and Sysdig help enterprises rapidly adopt cloud-native approaches. Sysdig Secure DevOps Platform, Sysdig Secure, and Sysdig Monitor work with Red Hat OpenShift and Red Hat Advanced Cluster Management for Kubernetes to deliver unified security, compliance, and monitoring for private, hybrid, and multicloud environments.

Aqua Security

Red Hat and Aqua Security help you manage and scale your cloud-native workloads more securely across on-site, hybrid, and cloud infrastructure. The Aqua Cloud Native Security Platform integrates with Red Hat OpenShift to provide risk-based vulnerability management, detailed runtime protection, and comprehensive infrastructure assurance and compliance.

NeuVector

Container-based environments, operating at highly automated scale, leave DevOps and security teams blind to attacks in east-west traffic and with zero network visibility. NeuVector delivers protection without compromise, from Dev to production, with automated security for Kubernetes and OpenShift and the only container firewall with packet-level interrogation and enforcement.

Palo Alto Networks

Red Hat and Palo Alto Networks help you protect your environment with cloud-native security and compliance throughout the entire development life cycle. Prisma Cloud by Palo Alto Networks works with Red Hat OpenShift to deliver comprehensive cloud security posture management (CSPM) and cloud workload protection (CWP) for your deployments.

Remediation

Snyk

Empower developers to easily find and fix vulnerabilities in containers and Kubernetes applications, including Red Hat OpenShift. Snyk Open Source automatically finds, prioritizes, and fixes vulnerabilities in open source dependencies. Snyk Code is a Static Application Security Testing (SAST) tool re-imagined for the developer.

Palo Alto Networks

Red Hat and Palo Alto Networks help you protect your environment with cloud-native security and compliance throughout the entire development life cycle. Prisma Cloud by Palo Alto Networks works with Red Hat OpenShift to deliver comprehensive cloud security posture management (CSPM) and cloud workload protection (CWP) for your deployments.

IBM

Uncover hidden threats, make more informed risk-based decisions, and respond faster to cyber threats with an open, integrated cybersecurity platform built on Red Hat OpenShift for hybrid, multicloud deployment. Connect to your existing data sources to generate deeper insights into threats. Securely access IBM and third-party tools to search for threats across any cloud or on-premises location. Quickly orchestrate actions and responses to those threats—all while leaving your data where it is.
