Technical Guidance on adopting Red Hat OVAL v2

Introduction

Welcome to Red Hat Partner Connect for Technology Partners.

This guide aims at providing technical guidance on the process involved in leveraging Red Hat OVAL v2 product and version specific streams to accurately identify Common Vulnerabilities and Exposures (CVEs) affecting Red Hat products and packages in a container image.

The exact implementation is up to our Partner’s expertise in their products and container vulnerability scanning.

The information provided in this document applies only to Red Hat generated and supported software components and should not be used for other distributions (i.e. CentOS, Oracle Linux, Origin etc.)

Please note that the terms vulnerability and CVE are used interchangeably throughout this document.