Red Hat Sets New Standard for Trusted, Enterprise-Grade Containers with Industry’s First Container Health Index
Red Hat extends container inspection and tooling to ISV partner
ecosystem; provides customers with enhanced security, reliability and
support for deploying Linux containers at scale
BOSTON--(BUSINESS WIRE)--
Red Hat, Inc. (NYSE:RHT), the world’s leading provider of open source
solutions, today introduced the industry’s first Container Health Index,
setting a new standard for enterprise-grade Linux containers. Based upon
Red Hat’s track record of delivering enterprise-grade open source
technologies, including the world’s leading enterprise Linux platform,
the Container Health Index provides the most comprehensive image detail
of any enterprise container service. The index grades all of Red Hat’s
containerized products as well as the Red Hat base layer of containers
from certified independent software vendor (ISV) partners, with Red Hat
planning to certify containerized products from 20 ISVs within the next
90 days.
While container-based applications have begun moving into production,
not all containers are created or maintained equally. Every container
starts with a Linux base layer, which means that every ISV building
container images is distributing Linux content. For these containers to
be used in production environments, this content needs to be free from
known vulnerabilities. While other companies, including several Red Hat
partners, offer container scanners to help identify security flaws, Red
Hat goes further by providing a comprehensive security impact metric,
the Container Health Index, as well as access to updated container
images addressing known security issues.
Healthy containers, backed by leading software security expertise
Building
upon the extensive expertise of Red Hat’s Product Security team in
investigating, tracking, and explaining security issues to customers,
the Container Health Index expands this work to include the challenges
of container maintenance. It provides an easy-to-understand grade (A to
F) detailing how images should be consumed and evaluated for production
systems, based in part on the age and impact of unapplied security
errata across all components of a container. Age plays a key role, as
containers are functionally static content bundles and security issues
emerge on a frequent basis; older, stale container images tend to be
less secure (reflecting neglect or poor maintenance) while newer, fresh
images are often more secure.
The aggregate ratings provided by the Container Health Index are more
than just “pass-throughs” of external security data. They provide a
concise picture of the impact (or nonimpact) posed by a given Linux
container image, backed by the extensive knowledge and technical skill
of Red Hat’s Product Security team in delivering more secure,
enterprise-grade open source software. Combining the Container Health
Index with Red Hat’s enterprise-grade products and the company’s
certified ISV ecosystem gives customers a higher degree of confidence
that containers deployed into production are more secure, stable and
supported.
Red Hat Container Catalog
The Container Health Index is an
integrated part of the Red Hat Container Catalog, a service for
discovering, distributing and consuming commercially-curated Linux
container images. Providing a clear delineation between
enterprise-class, production-ready containers and their potentially more
risk-inducing counterparts, the Red Hat Container Catalog enables
customers to easily attain a clear checklist of container contents and
other detailed information including:
- Container Health Index, a simple system to help enterprise
users quickly assess how well-maintained and secure a given image is.
- Extensive image metadata which goes far beyond image name and
description to display the container’s full package list, build
environment and complete registry information.
- Image documentation to help users understand image usage in
multiple environments, such as Red Hat OpenShift Container Platform or
distribution via Red Hat Satellite.
- Image advisories for quickly alerting users to any potential
issues with a given image or included RPMs.
More secure container innovation made partner-ready
Over the
past 15 years, Red Hat has refined its processes and tools for tracking,
reviewing, adapting and distributing security fixes with
enterprise-grade software. The Container Health Index, as part of the
Red Hat Container Catalog, establishes a foundation that will be
extended to ISVs via image assessment tools, APIs and automation,
helping these organizations to continuously deliver containers with a
higher level of security.
ISVs initially participating include: 6fusion; Aporeto; Avi Networks;
Black Duck Software; CloudBees; Collabnet; Couchbase; Dynatrace;
EnterpriseDB; F5 Networks; GitLab; NGINX; Redis Labs, Inc.; Sonatype;
Sysdig; and Univa Corporation.
Availability
The Container Health Index is available now as
an integrated component of the Red
Hat Container Catalog; all Red Hat customers, including those using
the no-cost
Red Hat Enterprise Linux Developer Subscription, are able to access
the Red Hat Container Catalog.
Press Conference
Red Hat executives, including Paul Cormier,
the company’s president of Products and Technologies, will host a
webcast live from Red Hat Summit to discuss this and today's other
announcements at 1 p.m. ET. Following remarks, press and analysts are
invited to participate in a question and answer session.
To join the webcast or view the replay after the event, visit: https://vts.inxpo.com/Launch/Event.htm?ShowKey=39441
Supporting Quotes
Matthew Hicks, vice president,
Engineering, OpenShift and Management, Red Hat
“While public
registries and uncurated repositories are acceptable for some
cloud-native development and proof-of-concept projects, they do not
always provide content that is fit for production consumption;
enterprise workloads require enterprise-ready tools. Red Hat’s
decade-and-half experience in delivering business-grade, open innovation
across a broad swath of industries is highlighted by the Container
Health Index as a component of the Red Hat Container Registry, which
combine to provide a clear, concise path for IT teams to select the
container images that best meet their compliance, integration and
security needs.”
Edward Sharp, chief security officer, Avi Networks
“As
applications move to microservice architectures for rapid development,
deployment and scaling, organizations are looking for partners that
ensure security along side resilience, flexibility and automation. The
Red Hat OpenShift Container Platform is the benchmark for orchestration
of these architectures. We are proud to be an application networking
partner of Red Hat, and support their leadership in delivering better
security and peace of mind for customers.”
Lou Shipley, CEO, Black Duck
“Red Hat’s Container Health
Index is another progressive initiative in their drive to deliver more
secure, trusted Linux containers to the enterprise. Containers increase
development speed and agility, but widespread enterprise adoption
depends on proving that container contents are secure. Speed will not
trump security. As an open source security provider and OpenShift
partner, we’re working alongside Red Hat to assure containers have
needed security features and can be deployed with confidence.”
Narayan Sundareswaran, vice president, Business Development, Couchbase
“Red
Hat and Couchbase share the common goal of supporting enterprise
customers, and with the new enterprise grade containers, together we
power the needs of digital businesses to help them execute their
cloud-first initiatives. Couchbase is fully supported to run in the most
popular containers, and Red Hat’s new Container Health Index allows our
users to easily recognize that Couchbase containers are up-to-date and
production-ready.”
Franz Karlsberger, director, Strategic Partnerships, Dynatrace
“Our
customers strive for convenience, trust, highest quality, security,
scalable containerized applications and we at Dynatrace put our
customers first, making those priorities our own. Working closely with
Red Hat’s Container Health Index gives us a solid base upon which to
develop and manage cloud-native applications, with the knowledge that
these technologies have been vetted for known vulnerabilities and are
business-ready.”
Eliran Mesika, director, Strategic Partnerships, GitLab
"Containers
are becoming ubiquitous, emerging in more production environments across
the board, and finding a secure image is difficult. RedHat's new
Container Health Index comes in to help companies get a thorough check
on the content and origin of a container image, making the utilization
more founded."
Wayne Jackson, CEO, Sonatype
“When Sonatype’s customers use
our Nexus solutions to ensure their applications are built secure from
the start, they also want to be confident that containerized instances
of Nexus running in Red Hat’s OpenShift Container Platform have the
needed security features and are vulnerability-free. We’re excited to
work with Red Hat’s tools and technologies delivered with grading
provided by the Container Health Index as a complement to our own Nexus
solutions. Combined, our solutions offer a clear, provable set of
critical metadata that is essential to building and delivering
next-generation enterprise applications.”
Additional Resources
Connect with Red Hat
About Red Hat, Inc.
Red Hat is the world's leading provider of open source software
solutions, using a community-powered approach to provide reliable and
high-performing cloud, Linux, middleware, storage and virtualization
technologies. Red Hat also offers award-winning support, training, and
consulting services. As a connective hub in a global network of
enterprises, partners, and open source communities, Red Hat helps create
relevant, innovative technologies that liberate resources for growth and
prepare customers for the future of IT. Learn more at http://www.redhat.com.
Forward-Looking Statements
Certain statements contained in this press release may constitute
"forward-looking statements" within the meaning of the Private
Securities Litigation Reform Act of 1995. Forward-looking statements
provide current expectations of future events based on certain
assumptions and include any statement that does not directly relate to
any historical or current fact. Actual results may differ materially
from those indicated by such forward-looking statements as a result of
various important factors, including: risks related to the ability of
the Company to compete effectively; the ability to deliver and stimulate
demand for new products and technological innovations on a timely basis;
delays or reductions in information technology spending; the integration
of acquisitions and the ability to market successfully acquired
technologies and products; fluctuations in exchange rates; the effects
of industry consolidation; uncertainty and adverse results in litigation
and related settlements; the inability to adequately protect Company
intellectual property and the potential for infringement or breach of
license claims of or relating to third party intellectual property;
risks related to data and information security vulnerabilities; changes
in and a dependence on key personnel; the ability to meet financial and
operational challenges encountered in our international operations; and
ineffective management of, and control over, the Company's growth and
international operations, as well as other factors contained in our most
recent Annual Report on Form 10-K (copies of which may be accessed
through the Securities and Exchange Commission's website at http://www.sec.gov),
including those found therein under the captions "Risk Factors" and
"Management's Discussion and Analysis of Financial Condition and Results
of Operations". In addition to these factors, actual future performance,
outcomes, and results may differ materially because of more general
factors including (without limitation) general industry and market
conditions and growth rates, economic and political conditions,
governmental and public policy changes and the impact of natural
disasters such as earthquakes and floods. The forward-looking statements
included in this press release represent the Company's views as of the
date of this press release and these views could change. However, while
the Company may elect to update these forward-looking statements at some
point in the future, the Company specifically disclaims any obligation
to do so. These forward-looking statements should not be relied upon as
representing the Company's views as of any date subsequent to the date
of this press release.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, Red Hat
Satellite, Container Health Index and OpenShift are trademarks or
registered trademarks of Red Hat, Inc. or its subsidiaries in the U.S.
and other countries. Linux® is the registered trademark of Linus
Torvalds in the U.S. and other countries.
View source version on businesswire.com: http://www.businesswire.com/news/home/20170502005623/en/
Red Hat, Inc.
John Terrill, +1-571-421-8132
jterrill@redhat.com
Source: Red Hat, Inc.