Ensuring Container Image Security on OpenShift with Red Hat CloudForms

In December 2016, a major vulnerability, CVE-2016-9962 (“on-entry vulnerability”), was found in the Docker engine. It allowed local root users in a container to gain access to file descriptors of a process launched or moved into the container from another namespace. A Banyan security report found that over 30% of official images in Docker Hub contain high priority security vulnerabilities. FlawCheck surveyed enterprises about their top security concern regarding containers in production environments; “Vulnerabilities and malware,” at 42%, was the top security concern among those surveyed. Clearly, security is a top concern for organizations that are looking to run containers in production.

At Red Hat, we are continuously improving our security capabilities, and we introduced a new container scanning feature with CloudForms 4.2 and OpenShift 3.4. This new feature allows CloudForms to flag images in the container registry in which it has found vulnerabilities, and OpenShift to deny execution of a flagged image the next time someone tries to run it.

CloudForms as a Container

The CloudForms 4.1 release (June ’16) delivered a new format for the CloudForms appliance: as a container in docker format. CloudForms has led the way by offering the appliance in several different virtualization and cloud formats, such as:

  • Red Hat Virtualization
  • Red Hat OpenStack Platform
  • Google Cloud Platform
  • Microsoft Azure
  • Microsoft SCVMM (Hyper-V)
  • VMware vSphere

With the new CloudForms container you can now host CloudForms on:

  • Red Hat OpenShift Enterprise 3
  • Red Hat Atomic Host (7.2 or higher)
  • Red Hat Enterprise Linux (7.2 or higher)
  • Anywhere using docker
