Certification Workflow

This section outlines the certification process for Red Hat Vulnerability Scanner Certification.

After completing the prerequisites, partners should follow these steps to begin the certification process.

STEP 1: Contact the certification team at [email protected]

STEP 2: Review the certification requirements and the "Technical Guidance on adopting Red Hat OVALv2" guide

STEP 3: Once the partner's security product has met all the certification requirements, partners should pull the following two certification test-harness container images:

Certification test-harness images:

Image 1:

Repository: registry.redhat.io/openshift3/jenkins-agent-maven-35-rhel7:v3.11.439

SHA256:907098051150483dc47206355375ec5cd5efdccebe628d25b4405913f8ae9741

podman pull registry.redhat.io/openshift3/jenkins-agent-maven-35-rhel7:v3.11.439

docker pull registry.redhat.io/openshift3/jenkins-agent-maven-35-rhel7:v3.11.439

Image 2:

Repository: registry.redhat.io/ubi8/nodejs-10:1-127

SHA256:34cb371558e8eabe8785b9bd7982ffea62cd9f8ea5b62d2035fdfee23d4b0662

podman pull registry.redhat.io/ubi8/nodejs-10:1-127

docker pull registry.redhat.io/ubi8/nodejs-10:1-127

Note: Certification criteria are defined by the Red Hat Product Security team and the Red Hat Partner Connect team.

STEP 4: Scan the test-harness images with the partner's security product and email a CSV (or similar) report of the packages and vulnerabilities found to the Red Hat certification team at [email protected]

  • Vulnerability scan report must include the following fields:

    • CVE (vulnerability) affecting Red Hat package

    • Red Hat package name and version (to include Red Hat backporting fix when applicable)

    • Red Hat Security (Impact) Rating (Critical, Important, Moderate, Low)

    • Red Hat state (Fixed, Affected or Not-Affected) and, if fixed, the corresponding RHSA with URL
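
A pre-submission check for the report fields listed above, as an added example (not Red Hat's tooling or part of the original guide). The CSV header names, the sample rows and their placeholder CVE/RHSA ids are assumptions made for illustration.

```python
import csv
import io
import re

# Column names are assumptions for this example; the page lists the required
# fields but does not prescribe header names.
REQUIRED = ["cve", "package", "version", "severity", "state", "rhsa", "rhsa_url"]
SEVERITIES = {"Critical", "Important", "Moderate", "Low"}
STATES = {"Fixed", "Affected", "Not-Affected"}
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
RHSA_RE = re.compile(r"^RHSA-\d{4}:\d{4,}$")

def validate_report(text):
    """Return a list of (line_number, message) problems found in a CSV report."""
    reader = csv.DictReader(io.StringIO(text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return [(1, "missing columns: " + ", ".join(missing))]
    problems = []
    for row in reader:
        n = reader.line_num
        r = {k: (row.get(k) or "").strip() for k in REQUIRED}
        if not CVE_RE.match(r["cve"]):
            problems.append((n, "bad CVE id: %r" % r["cve"]))
        if not r["package"] or not r["version"]:
            problems.append((n, "package name and version are required"))
        if r["severity"] not in SEVERITIES:
            # Catches scanners that emit a non-Red Hat scale, e.g. "High".
            problems.append((n, "severity not a Red Hat rating: %r" % r["severity"]))
        if r["state"] not in STATES:
            problems.append((n, "unknown state: %r" % r["state"]))
        elif r["state"] == "Fixed":
            if not RHSA_RE.match(r["rhsa"]):
                problems.append((n, "Fixed row needs an RHSA id"))
            if not r["rhsa_url"].startswith("https://"):
                problems.append((n, "Fixed row needs the RHSA URL"))
    return problems

# Constructed sample rows (placeholder CVE/RHSA ids and versions, not real data).
SAMPLE = """cve,package,version,severity,state,rhsa,rhsa_url
CVE-0000-00001,examplepkg,1.0-1.el8,Important,Fixed,RHSA-0000:0001,https://access.redhat.com/errata/RHSA-0000:0001
CVE-0000-00002,examplepkg,1.0-1.el8,High,Affected,,
CVE-0000-00003,otherpkg,2.3-4.el7,Low,Fixed,,
"""

if __name__ == "__main__":
    for line, msg in validate_report(SAMPLE):
        print("line %d: %s" % (line, msg))
```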

STEP 5: The Red Hat certification team will analyze the results to move towards certification

[Figure: Red Hat Vulnerability Scanning Certification workflow]

STEP 6: After the Red Hat certification team is satisfied with the accuracy of the scan results, the product is certified

STEP 7: The Red Hat certification team will provide a product listing template. Partners provide the details for the certified security product to showcase in the Red Hat Ecosystem Catalog (RHEC)

STEP 8: The Red Hat certification team will share the certification logo with partners to promote the certified product as Red Hat Certified Technology for Vulnerability Scanning