The rapid rise of Linux containers as an enterprise-ready technology in 2015, thanks in no small part to the technology provided by the Docker project, should come as no surprise: Linux containers offer a broad array of benefits to the enterprise, from greater application portability and scalability to the ability to fully leverage the benefits of composite applications.
But these benefits aside, Linux containers can, if IT security procedures are not followed, also cause serious harm to mission-critical operations. As Red Hat's Lars Herrmann has pointed out, containers aren't exactly transparent when it comes to seeing and understanding all of their internal code. This means that tools and technologies to actually see inside a container are critical to enterprises that want to deploy Linux containers in mission-critical scenarios.
Deep Container Inspection
First, it's important to understand what this type of scanning actually entails – I published a post along those lines in September 2015, dubbing this sort of intense software scrutiny as Deep Container Inspection, or DCI. Similar to Deep Packet Inspection in the world of TCP/IP, DCI encompasses technologies to inspect policies in the user space and policies in Linux container metadata as well as those that can automate decisions based on these codified policies.
So how is Red Hat helping to enable DCI?
OpenSCAP
Red Hat has long been a contributor to the OpenSCAP project, which aims to deliver open source tools and policies for the Security Content Automation Protocol, a standard set down by the Federal government for automating IT security policies and procedures. Recent advancements in the project, backed by Red Hat expertise, now enable the OpenSCAP scanner to check Linux containers for vulnerabilities and exploits – while this capability is still in the upstream community, it's of critical need and one that Red Hat is very strongly pushing forward to become enterprise-ready.
CloudForms 4
Red Hat's recently launched cloud management software, CloudForms 4, also provides Linux container scanning capabilities in the form of its SmartState analysis. At a basic level, the SmartState analysis grabs a snapshot of the given packages within a container – paired with the scanning capabilities of both Black Duck Hub (see below) and OpenSCAP, CloudForms 4 provides the first line of information gathering required for effective and efficient container scanning.
Black Duck Collaboration
In October 2015, Red Hat announced a collaboration with Black Duck Software, a global leader in automating the security and management of open source software, to establish a trusted model for containerized application delivery. This has been a significant missing link in the “chain of trust” for Linux containers, as given where and how code originates and the nature of containers themselves, it can be very difficult to vet all functioning pieces of a containerized application. The first step in this work is the integration of Black Duck Hub, Black Duck's container scanning and vulnerability mapping software, with Red Hat's OpenShift Platform-as-a-Service (PaaS), while future plans are to integrate Black Duck scanning technologies as a complementary set of services within Red Hat's container certification workflow for Independent Software Vendors (ISVs).
Much like container technology itself, container scanning is fast-moving to keep up with the high interest in Linux containers from the enterprise datacenter. Much as we did with Linux, Red Hat aims to deliver safe, secure and certified Linux container images and infrastructure to our customers, and our work in the area of container scanning is the first step to achieve this goal.
So what are your thoughts on container scanning and DCI in particular? Let us know in the comments below.
Sobre el autor
Más similar
Navegar por canal
Automatización
Las últimas novedades en la automatización de la TI para los equipos, la tecnología y los entornos
Inteligencia artificial
Descubra las actualizaciones en las plataformas que permiten a los clientes ejecutar cargas de trabajo de inteligecia artificial en cualquier lugar
Nube híbrida abierta
Vea como construimos un futuro flexible con la nube híbrida
Seguridad
Vea las últimas novedades sobre cómo reducimos los riesgos en entornos y tecnologías
Edge computing
Conozca las actualizaciones en las plataformas que simplifican las operaciones en el edge
Infraestructura
Vea las últimas novedades sobre la plataforma Linux empresarial líder en el mundo
Aplicaciones
Conozca nuestras soluciones para abordar los desafíos más complejos de las aplicaciones
Programas originales
Vea historias divertidas de creadores y líderes en tecnología empresarial
Productos
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Servicios de nube
- Ver todos los productos
Herramientas
- Training y Certificación
- Mi cuenta
- Soporte al cliente
- Recursos para desarrolladores
- Busque un partner
- Red Hat Ecosystem Catalog
- Calculador de valor Red Hat
- Documentación
Realice pruebas, compras y ventas
Comunicarse
- Comuníquese con la oficina de ventas
- Comuníquese con el servicio al cliente
- Comuníquese con Red Hat Training
- Redes sociales
Acerca de Red Hat
Somos el proveedor líder a nivel mundial de soluciones empresariales de código abierto, incluyendo Linux, cloud, contenedores y Kubernetes. Ofrecemos soluciones reforzadas, las cuales permiten que las empresas trabajen en distintas plataformas y entornos con facilidad, desde el centro de datos principal hasta el extremo de la red.
Seleccionar idioma
Red Hat legal and privacy links
- Acerca de Red Hat
- Oportunidades de empleo
- Eventos
- Sedes
- Póngase en contacto con Red Hat
- Blog de Red Hat
- Diversidad, igualdad e inclusión
- Cool Stuff Store
- Red Hat Summit