Red Hat Vulnerability Scanner Certification is a collaboration with security partners to deliver more accurate and reliable container vulnerability scanning results of Red Hat products and packages. Security partners can now consume and leverage Red Hat’s extensive and evolving set of published security data to minimize customer false positives and other discrepancies.
This guide explains which certification requirements a partner product must meet, as well as the steps partners need to take to participate in and successfully complete the certification.
Partner products that meet the certification requirements can be referred to and promoted as Red Hat Certified Technology.
Once the certification is approved, the security product will be listed in the Red Hat Ecosystem Catalog as a Red Hat certified vulnerability scanning product. Partners will receive access to the Red Hat Vulnerability Scanner Certification logo to promote their certified product.
All certifying partners will become members of the new Security Scanning Exchange special interest group created by the Red Hat Product Security team.
This interest group brings certified partners together to collaborate on security scanning best practices that benefit our mutual customers. The group regularly reviews the availability and utilization of scanning artifacts such as epoch values, OVAL (Open Vulnerability and Assessment Language) files, APIs, webpages, overall metadata, etc. Technical enablement sessions regarding a particular scanning artifact, product, or technology are also a key part of these meetings.
To be eligible, security partners must fulfill the prerequisites. Please see the prerequisites section in this document for more details.