Security is a top priority for OpenShift. OpenShift 4.3 laid the groundwork for even more robust image security with Quay Container Security Integration, which allows registry images to be scanned for vulnerabilities right from the OpenShift Web Console and surfaced on the cluster dashboard’s Status card.
For OpenShift 4.4, we’ve taken this security a step further. To enhance the Container Security Operator's functionality, we've added a dedicated Image Manifest Vulnerabilities list to the Administrator section, where you can quickly view and diagnose these vulnerabilities. You can also access this view from an individual pod, allowing the list of image vulnerabilities to be filtered to those that relate to that specific pod. Let's get into it.
Viewing image vulnerabilities
When cluster security is at risk, you want to take quick and efficient action. That's where the Image Manifest Vulnerabilities list comes in. Once the Container Security Operator has been installed, container image vulnerabilities in pods running on the cluster will begin to populate the list in the Administration section.
This list view conveys a quick overview of images’ vulnerabilities, such as the highest severity for the image, the number of pods affected, and the number of fixable vulnerabilities within the image. If you are interested in viewing a detailed breakdown of all vulnerabilities, along with other security scan information such as packages installed that don't have vulnerabilities, the image manifest’s hash is also a link to these details on the Quay instance the image is hosted on.
To get into the specifics, you can view the details of the Image Manifest Vulnerabilities resource. This offers a more expanded view of the image’s status, powered by Quay Security Scanner, where you can see a summary of the count of vulnerabilities and severity. You can also see the list of vulnerabilities affecting the image, along with their severity, package and current package version, and the version in which the vulnerability is fixed. The vulnerability name links to external security data with further information about the description and solution to the issue.
Let's say an admin is curious about which pods are affected by the vulnerable image. The **Affected Pods** tab shows a complete list of pods. Each name links to the pod resource, which assists in updating the image and getting those vulnerabilities fixed!
Assessing pod security
Alternatively, perhaps you are interested in confirming that a particular pod is secure. Admins can also access the Image Manifest Vulnerabilities list from the pod that might be running a vulnerable image.
Accessing the list of Image Manifest Vulnerabilities from a pod is as easy as a new **View Image Vulnerabilities** action, available from the pods list or a pod’s **Actions** menu, which quickly gives a sense of that pod’s image security status.
This new action leads to the Image Manifest Vulnerabilities list—but that list is now filtered to show only that pod's vulnerable image, if any vulnerabilities exist.
Staying secure
Quay Container Security integration gives administrators greater confidence to know their cluster images are secure, right from within the OpenShift Web Console. Viewing image vulnerabilities from right within the console allows quicker discovery and rectification, ultimately leading to an overall more secure cluster.
But we aren’t done yet.
Quay integration will continue to expand in the future. So stay tuned for more security features like notifications when a new vulnerability is found and repository-related features like image management.
If you are just getting started with OpenShift or want to try these features now, visit the newly revamped Try OpenShift site to get instant access to a cluster. If you’d like to learn more about what the OpenShift design team is up to, check out our github design repo, or if you are interested in providing any feedback on any of the new 4.4 features or have suggestions for the future, please take this brief 3-minute survey.
저자 소개
채널별 검색
오토메이션
기술, 팀, 인프라를 위한 IT 자동화 최신 동향
인공지능
고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트
오픈 하이브리드 클라우드
하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요
보안
환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보
엣지 컴퓨팅
엣지에서의 운영을 단순화하는 플랫폼 업데이트
인프라
세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보
애플리케이션
복잡한 애플리케이션에 대한 솔루션 더 보기
오리지널 쇼
엔터프라이즈 기술 분야의 제작자와 리더가 전하는 흥미로운 스토리
제품
- Red Hat Enterprise Linux
- Red Hat OpenShift Enterprise
- Red Hat Ansible Automation Platform
- 클라우드 서비스
- 모든 제품 보기
툴
체험, 구매 & 영업
커뮤니케이션
Red Hat 소개
Red Hat은 Linux, 클라우드, 컨테이너, 쿠버네티스 등을 포함한 글로벌 엔터프라이즈 오픈소스 솔루션 공급업체입니다. Red Hat은 코어 데이터센터에서 네트워크 엣지에 이르기까지 다양한 플랫폼과 환경에서 기업의 업무 편의성을 높여 주는 강화된 기능의 솔루션을 제공합니다.