Backporting Security FixesRed Hat Severity Ratings

Certification Workflow Guide

This section outlines the certification process for Red Hat Vulnerability Scanner Certification.

After completing the prerequisites partners should follow these steps to begin the certification process.

STEP 1: Contact certification team through the Partner Acceleration Desk :

  • Click on Create Case

  • Choose Product certification in Category

  • Select the option Red Hat Vulnerability Scanner Certification

STEP 2: Review certification requirements guide

STEP 3: Once partner security product has met all the certification requirements, partners should pull the following two certification test-harness container images:

Certification test-harness images:

Image 1:

Repository: registry.redhat.io/rhel9/python-312

sha256:a4b270f826f5ae08eefada3a73c989fd2cfb712df9d9b86cdce53ee201189a8c

podman pull registry.redhat.io/rhel9/python-312

docker pull registry.redhat.io/rhel9/python-312

Image 2:

Repository: registry.redhat.io/openshift4/ose-console-rhel9

sha256:422c5c78b8fca878dba9d7faaae003e5341741b007fa51646904bc8d0c8a46c6

podman pull registry.redhat.io/openshift4/ose-console-rhel9

docker pull registry.redhat.io/openshift4/ose-console-rhel9

Note: Certification criteria is defined by Red Hat Product Security team and Red Hat Partner Connect team.

STEP 4: Scan test-harness images with partner's security product and submit the results in the machine readable format (preferred CSV) of the components and vulnerabilities found to Red Hat certification team through the ticket created in PAD.

Delivered report must be in the same format like any other scanner’s user will get, report cannot be manually corrected or adjusted.

  • Vulnerability scan report must include the following fields:

    • CVE (vulnerability) affecting Red Hat package

    • Red Hat package name and version (to include Red Hat backporting fix when applicable)

    • Red Hat Security (Impact) Rating (Critical, Important, Moderate, Low)

    • Red Hat state (Fixed, Affected or Not-Affected) and if fixed corresponding RHSA with URL

STEP 5: Red Hat certification team will run the Precheck tool, this will ensure that the basic scanner requirements are fulfilled.

STEP 6: If the precheck tool results are succesful, Red Hat certification team will analyse in details the results to move towards certification. It will take from 2 to 6 weeks after your submission for our team to review the report.

Red Hat Vulnerability Scanning Certification workflow

STEP 7: After Red Hat certification team is satisfied with the accuracy of the scan results the product is certified

STEP 8: Red Hat certification team will provide a product listing template. Partners provide the details for the certified security product to showcase in Red Hat Ecosystem Catalog (RHEC)

STEP 9: Red Hat certification team will share the certification logo with partners to promote certified product as Red Hat Certified Technology for Vulnerability Scanning

STEP 9: Re-iterate through steps and re-certify in the following conditions:

  1. If a new major version of the certified product is released

  2. If the test harness images for certification are updated (once a year)

*Appropriate partner communication will be generated in case the test harness images for certification are updated.

PreviousCertification Policy GuideNextGetting Help

Last updated