Red Hat Vulnerability Scanner Certification

A single source of scanning truth for vulnerabilities

The Red Hat Vulnerability Scanner Certification is a collaboration with security partners to deliver accurate and reliable container vulnerability scanning results of Red Hat-published images and packages.

A Trusted Source in Red Hat

Red Hat has created a vulnerability scanning security partner ecosystem for vulnerability assessment that produces consistent results of Red Hat products and packages. Differentiate your product by collaborating with Red Hat.

  • This certification is offered at no cost to Red Hat Partner Connect members

Why does Red Hat Vulnerability Scanner Certification matter?

Building security into applications is critical for cloud-native deployments, and this requires the use of trusted container content. Vulnerability scanning plays an important role in ensuring that container content can be trusted. Detecting and mitigating vulnerabilities proactively safeguards an application by securing its confidentiality, integrity, and availability. This new certification aims to create a single source of scanning truth.


Accurate and reliable reporting

Creating a single source of scanning truth for vulnerability risk assessment means enabling partners to consume and standardize on the rich and transparent security data that Red Hat Product Security has made available for Red Hat products and packages through Red Hat OVAL v2 (Open Vulnerability and Assessment Language) streams. Red Hat Product Security works continuously to enhance these data sets so that Red Hat and its partners report more accurately, minimizing false positives and other discrepancies. For our mutual customers, this means they can employ these Red Hat-certified products with an assurance of improved accuracy and reliability in the reporting of vulnerability risks.

Security Scanning Exchange

The Security Scanning Exchange is a special interest group created by the Red Hat Product Security team. This interest group brings Red Hat security partners together to collaborate on security scanning best practices that benefit our mutual customers. The group regularly reviews the availability and utilization of scanning artifacts such as epoch values, OVAL (Open Vulnerability and Assessment Language) files, APIs, webpages, overall metadata, etc. Technical enablement sessions regarding a particular scanning artifact, product, or technology are also a key part of these meetings.
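As an added illustration that is not part of this page or of Red Hat's own scanner tooling: the two sections above say that partners consume Red Hat's OVAL v2 data and that the exchange reviews scanning artifacts such as epoch values. The Python below shows why those artifacts decide accuracy. It compares a constructed container package set against a constructed OVAL-style "fixed-in" version using rpm's epoch:version-release ordering, beside a naive comparison that drops the epoch and compares plain strings, and returns which images each method flags. The advisory id, package name, image names and versions are all made up, and the comparison is a simplified rpmvercmp that omits the '~' and '^' rules.

```python
import re


def _segments(s):
    """Split a version or release string into numeric and alphabetic runs, as rpm does."""
    return re.findall(r"[0-9]+|[a-zA-Z]+", s)


def rpmvercmp(a, b):
    """Simplified rpm version comparison returning -1, 0 or 1.

    Numeric segments compare as integers (so '10' > '3'), alphabetic segments
    lexically, a numeric segment outranks an alphabetic one, and the string with
    segments left over is the newer one.  The '~' and '^' rules are omitted.
    """
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def parse_evr(evr):
    """'epoch:version-release' -> (epoch, version, release); a missing epoch is 0."""
    epoch = 0
    if ":" in evr:
        head, evr = evr.split(":", 1)
        epoch = int(head)
    version, _, release = evr.partition("-")
    return epoch, version, release


def evrcmp(a, b):
    """Order two EVR strings: the epoch decides first, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_affected(installed_evr, fixed_evr):
    """A package is still affected when it sorts strictly below the fixed-in EVR."""
    return evrcmp(installed_evr, fixed_evr) < 0


def naive_is_affected(installed_evr, fixed_evr):
    """What goes wrong without the artifacts the page names: drop the epoch and
    compare version-release as plain strings.  Kept only to show the discrepancies."""
    strip = lambda s: s.split(":", 1)[-1]
    return strip(installed_evr) < strip(fixed_evr)


# Constructed sample data: a stand-in for one OVAL-style "fixed in" criterion and the
# package installed in four container images.  The advisory id is a placeholder.
ADVISORY = {"id": "RHSA-PLACEHOLDER", "name": "examplelib", "fixed_evr": "1:2.4.0-3.el9"}
INSTALLED = {
    "image-a": "1:2.4.0-3.el9",   # exactly the fixed build
    "image-b": "1:2.4.0-10.el9",  # later rebuild; string compare wrongly ranks '10' below '3'
    "image-c": "1:2.4.0-2.el9",   # earlier release of the same version: still affected
    "image-d": "2.9.0-1.el9",     # epoch 0 predates the epoch bump: still affected
}


def scan(installed, advisory, compare=is_affected):
    """Return the image names whose installed EVR the comparison flags as affected."""
    return sorted(img for img, evr in installed.items()
                  if compare(evr, advisory["fixed_evr"]))


if __name__ == "__main__":
    print("rpm-aware:", scan(INSTALLED, ADVISORY))                              # image-c, image-d
    print("naive    :", scan(INSTALLED, ADVISORY, compare=naive_is_affected))   # image-b, image-c
```

The rpm-aware scan flags image-c and image-d; the naive scan flags image-b (a false positive on a rebuild that already carries the fix) and misses image-d (a false negative caused by ignoring the epoch). Those two discrepancy classes are exactly what consistent epoch and OVAL data across scanners is meant to remove.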

Members of the Security Scanning Exchange

AquaSec

Palo Alto

Red Hat (StackRox)

Snyk

Sysdig

  • Completing Red Hat Vulnerability Scanner Certification is a prerequisite to becoming a member of the Security Scanning Exchange

Red Hat Product Security risk report

The Red Hat® Product Security risk report is an overview of security vulnerabilities that impacted Red Hat products. The report reviewed large and small security vulnerabilities that were publicly announced throughout the year, as well as the data and metrics that were produced for these vulnerabilities across all of our solutions. The report also reviewed several high-impact, high-profile security vulnerabilities.