Red Hat has launched a new container scanning interface to enable security partners to easily plug into Red Hat OpenShift Container Platform. As containers move from experiment to enterprise-reality, a key consideration is security. Today’s news builds upon Red Hat’s leadership in container security. By integrating with multiple container scanners, Red Hat and its partners enable users to more easily see what’s running inside their containers and whether the latest security updates have been applied. The new container capabilities come via the latest version of Red Hat Enterprise Linux Atomic Host, which serves as the container operating system for Red Hat OpenShift Container Platform.

Expanding Red Hat’s existing collaboration with Black Duck Software, Black Duck Hub is now fully integrated and supported as a container scanner. Black Duck Hub provides deep container inspection (DCI) of many open source component used in the operating system user space, as well as applications and libraries that might be added to containers by developers. The scanner maps known open source security vulnerabilities and dynamically monitors container inventory, providing alerts on any new vulnerabilities affecting the code. By running natively on Atomic Host, Black Duck Hub delivers added confidence in the security profile of all container images and components from development to test to production, all at scale.

Additionally, Red Hat Enterprise Linux Atomic Host also includes a technology preview of the OpenSCAP scanner. The Open Security Content Automation Protocol (OpenSCAP) project provides an ecosystem of tools and policies to help assess, measure and enforce IT security measures; the OpenSCAP scanner, also integrated with Atomic Host, applies these same protocols to container content, helping to more quickly identify vulnerabilities for remediation.

The new version of Atomic Host provides several other features and capabilities as well, including:

• Updated container runtimes, offering users a choice of Docker or Open Container Initiative (OCI) run times.
• Improved systems integration to simplify migrating existing applications to more easily run inside containers.
• Improved update functionality for hotfixes between full releases.
• Graphical management to help make it easier to perform administration tasks, including updates from within Cockpit.