Partner Guide for Red Hat Vulnerability Scanner Ce
Backporting Security FixesRed Hat Severity Ratings
  • Partner Guide for Red Hat Vulnerability Scanner Certification
  • Certification Policy Guide
  • Certification Workflow Guide
  • Getting Help
  • FAQs
Powered by GitBook
On this page
  • Certification test-harness images:
  • Image 1:
  • Image 2:

Certification Workflow Guide

PreviousCertification Policy GuideNextGetting Help

Last updated 7 months ago

This section outlines the certification process for Red Hat Vulnerability Scanner Certification.

After completing the prerequisites partners should follow these steps to begin the certification process.

STEP 1: Contact certification team through the :

  • Click on Create Case

  • Choose Product certification in Category

  • Select the option Red Hat Vulnerability Scanner Certification

STEP 3: Once partner security product has met all the certification requirements, partners should pull the following two certification test-harness container images:

Certification test-harness images:

Image 1:

sha256:a4b270f826f5ae08eefada3a73c989fd2cfb712df9d9b86cdce53ee201189a8c

Image 2:

sha256:422c5c78b8fca878dba9d7faaae003e5341741b007fa51646904bc8d0c8a46c6

Note: Certification criteria is defined by Red Hat Product Security team and Red Hat Partner Connect team.

Delivered report must be in the same format like any other scanner’s user will get, report cannot be manually corrected or adjusted.

  • Vulnerability scan report must include the following fields:

    • CVE (vulnerability) affecting Red Hat package

    • Red Hat package name and version (to include Red Hat backporting fix when applicable)

    • Red Hat Security (Impact) Rating (Critical, Important, Moderate, Low)

    • Red Hat state (Fixed, Affected or Not-Affected) and if fixed corresponding RHSA with URL

STEP 5: Red Hat certification team will run the Precheck tool, this will ensure that the basic scanner requirements are fulfilled.

STEP 6: If the precheck tool results are succesful, Red Hat certification team will analyse in details the results to move towards certification. It will take from 2 to 6 weeks after your submission for our team to review the report.

STEP 7: After Red Hat certification team is satisfied with the accuracy of the scan results the product is certified

STEP 9: Red Hat certification team will share the certification logo with partners to promote certified product as Red Hat Certified Technology for Vulnerability Scanning

STEP 9: Re-iterate through steps and re-certify in the following conditions:

  1. If a new major version of the certified product is released

  2. If the test harness images for certification are updated (once a year)

*Appropriate partner communication will be generated in case the test harness images for certification are updated.

STEP 2: Review guide

Repository:

podman pull

docker pull

Repository:

podman pull

docker pull

STEP 4: Scan test-harness images with partner's security product and submit the results in the machine readable format (preferred CSV) of the components and vulnerabilities found to Red Hat certification team through the ticket created in .

STEP 8: Red Hat certification team will provide a product listing template. Partners provide the details for the certified security product to showcase in (RHEC)

certification requirements
registry.redhat.io/rhel9/python-312
registry.redhat.io/rhel9/python-312
registry.redhat.io/rhel9/python-312
registry.redhat.io/openshift4/ose-console-rhel9
registry.redhat.io/openshift4/ose-console-rhel9
registry.redhat.io/openshift4/ose-console-rhel9
PAD
Red Hat Ecosystem Catalog
Partner Acceleration Desk
Red Hat Vulnerability Scanning Certification workflow