BOSTON – RED HAT SUMMIT 2017 –
Red Hat, Inc. (NYSE:RHT), the world’s leading provider of open source solutions, today introduced the industry’s first Container Health Index, setting a new standard for enterprise-grade Linux containers. Based upon Red Hat’s track record of delivering enterprise-grade open source technologies, including the world’s leading enterprise Linux platform, the Container Health Index provides the most comprehensive image detail of any enterprise container service. The index grades all of Red Hat’s containerized products as well as the Red Hat base layer of containers from certified independent software vendor (ISV) partners, with Red Hat planning to certify containerized products from 20 ISVs within the next 90 days.
While container-based applications have begun moving into production, not all containers are created or maintained equally. Every container starts with a Linux base layer, which means that every ISV building container images is distributing Linux content. For these containers to be used in production environments, this content needs to be free from known vulnerabilities. While other companies, including several Red Hat partners, offer container scanners to help identify security flaws, Red Hat goes further by providing a comprehensive security impact metric, the Container Health Index, as well as access to updated container images addressing known security issues.
Healthy containers, backed by leading software security expertise
Building upon the extensive expertise of Red Hat’s Product Security team in investigating, tracking, and explaining security issues to customers, the Container Health Index expands this work to include the challenges of container maintenance. It provides an easy-to-understand grade (A to F) detailing how images should be consumed and evaluated for production systems, based in part on the age and impact of unapplied security errata across all components of a container. Age plays a key role, as containers are functionally static content bundles and security issues emerge on a frequent basis; older, stale container images tend to be less secure (reflecting neglect or poor maintenance) while newer, fresh images are often more secure.
The aggregate ratings provided by the Container Health Index are more than just “pass-throughs” of external security data. They provide a concise picture of the impact (or nonimpact) posed by a given Linux container image, backed by the extensive knowledge and technical skill of Red Hat’s Product Security team in delivering more secure, enterprise-grade open source software. Combining the Container Health Index with Red Hat’s enterprise-grade products and the company’s certified ISV ecosystem gives customers a higher degree of confidence that containers deployed into production are more secure, stable and supported.
Red Hat Container Catalog
The Container Health Index is an integrated part of the Red Hat Container Catalog, a service for discovering, distributing and consuming commercially-curated Linux container images. Providing a clear delineation between enterprise-class, production-ready containers and their potentially more risk-inducing counterparts, the Red Hat Container Catalog enables customers to easily attain a clear checklist of container contents and other detailed information including:
- Container Health Index, a simple system to help enterprise users quickly assess how well-maintained and secure a given image is.
- Extensive image metadata which goes far beyond image name and description to display the container’s full package list, build environment and complete registry information.
- Image documentation to help users understand image usage in multiple environments, such as Red Hat OpenShift Container Platform or distribution via Red Hat Satellite.
- Image advisories for quickly alerting users to any potential issues with a given image or included RPMs.
More secure container innovation made partner-ready
Over the past 15 years, Red Hat has refined its processes and tools for tracking, reviewing, adapting and distributing security fixes with enterprise-grade software. The Container Health Index, as part of the Red Hat Container Catalog, establishes a foundation that will be extended to ISVs via image assessment tools, APIs and automation, helping these organizations to continuously deliver containers with a higher level of security.
ISVs initially participating include: 6fusion; Aporeto; Avi Networks; Black Duck Software; CloudBees; Collabnet; Couchbase; Dynatrace; EnterpriseDB; F5 Networks; GitLab; NGINX; Redis Labs, Inc.; Sonatype; Sysdig; and Univa Corporation.
The Container Health Index is available now as an integrated component of the Red Hat Container Catalog; all Red Hat customers, including those using the no-cost Red Hat Enterprise Linux Developer Subscription, are able to access the Red Hat Container Catalog.
Red Hat executives, including Paul Cormier, the company’s president of Products and Technologies, will host a webcast live from Red Hat Summit to discuss this and today's other announcements at 1 p.m. ET. Following remarks, press and analysts are invited to participate in a question and answer session.
To join the webcast or view the replay after the event, visit: https://vts.inxpo.com/Launch/Event.htm?ShowKey=39441
Matthew Hicks, vice president, Engineering, OpenShift and Management, Red Hat
“While public registries and uncurated repositories are acceptable for some cloud-native development and proof-of-concept projects, they do not always provide content that is fit for production consumption; enterprise workloads require enterprise-ready tools. Red Hat’s decade-and-half experience in delivering business-grade, open innovation across a broad swath of industries is highlighted by the Container Health Index as a component of the Red Hat Container Registry, which combine to provide a clear, concise path for IT teams to select the container images that best meet their compliance, integration and security needs.”
Edward Sharp, chief security officer, Avi Networks
“As applications move to microservice architectures for rapid development, deployment and scaling, organizations are looking for partners that ensure security alongside resilience, flexibility and automation. The Red Hat OpenShift Container Platform is the benchmark for orchestration of these architectures. We are proud to be an application networking partner of Red Hat, and support their leadership in delivering better security and peace of mind for customers.”
Lou Shipley, CEO, Black Duck
“Red Hat’s Container Health Index is another progressive initiative in their drive to deliver more secure, trusted Linux containers to the enterprise. Containers increase development speed and agility, but widespread enterprise adoption depends on proving that container contents are secure. Speed will not trump security. As an open source security provider and OpenShift partner, we’re working alongside Red Hat to assure containers have needed security features and can be deployed with confidence.”
Narayan Sundareswaran, vice president, Business Development, Couchbase
“Red Hat and Couchbase share the common goal of supporting enterprise customers, and with the new enterprise grade containers, together we power the needs of digital businesses to help them execute their cloud-first initiatives. Couchbase is fully supported to run in the most popular containers, and Red Hat’s new Container Health Index allows our users to easily recognize that Couchbase containers are up-to-date and production-ready.”
Franz Karlsberger, director, Strategic Partnerships, Dynatrace
“Our customers strive for convenience, trust, highest quality, security, scalable containerized applications and we at Dynatrace put our customers first, making those priorities our own. Working closely with Red Hat’s Container Health Index gives us a solid base upon which to develop and manage cloud-native applications, with the knowledge that these technologies have been vetted for known vulnerabilities and are business-ready.”
Eliran Mesika, director, Strategic Partnerships, GitLab
“Containers are becoming ubiquitous, emerging in more production environments across the board, and finding a secure image is difficult. Red Hat's new Container Health Index comes in to help companies get a thorough check on the content and origin of a container image, making the utilization more founded.”
Wayne Jackson, CEO, Sonatype
“When Sonatype’s customers use our Nexus solutions to ensure their applications are built secure from the start, they also want to be confident that containerized instances of Nexus running in Red Hat’s OpenShift Container Platform have the needed security features and are vulnerability-free. We’re excited to work with Red Hat’s tools and technologies delivered with grading provided by the Container Health Index as a complement to our own Nexus solutions. Combined, our solutions offer a clear, provable set of critical metadata that is essential to building and delivering next-generation enterprise applications.”