Certification Workflow

This section outlines the certification process for Red Hat Vulnerability Scanner Certification.

After completing the prerequisites, partners should follow these steps to begin the certification process.

STEP 1: Contact the certification team through the Partner Acceleration Desk:

  • Click on Create Case

  • Choose Product certification in Category

  • Select the option Red Hat Vulnerability Scanner Certification

STEP 2: Review the certification requirements and the "Technical Guidance on adopting Red Hat OVALv2" guide

STEP 3: Once the partner's security product has met all the certification requirements, partners should pull the following two certification test-harness container images:

Certification test-harness images:

Image 1:

Repository: registry.redhat.io/ubi8/python-27:2.7-218

sha256:ef9b8ef384fbb5faf0985914c40839b5b26cb9dd82740ff1255c12a249143534

podman pull registry.redhat.io/ubi8/python-27:2.7-218

docker pull registry.redhat.io/ubi8/python-27:2.7-218

Image 2:

Repository: registry.redhat.io/openshift4/ose-console:v4.13.0-202308040326.p0.g67543a2.assembly.stream

sha256:638902f107f10b391671d5be2dcec646c17585e3c9adc90c62f3ae6bd6a65249

podman pull registry.redhat.io/openshift4/ose-console:v4.13.0-202308040326.p0.g67543a2.assembly.stream

docker pull registry.redhat.io/openshift4/ose-console:v4.13.0-202308040326.p0.g67543a2.assembly.stream

Note: Certification criteria are defined by the Red Hat Product Security team and the Red Hat Partner Connect team.

STEP 4: Scan the test-harness images with the partner's security product and submit the results, covering the components and vulnerabilities found, in a machine-readable format (JSON preferred) to the Red Hat certification team through the ticket created in PAD.

The delivered report must be in the same format that any other user of the scanner would receive; the report cannot be manually corrected or adjusted.

  • The vulnerability scan report must include the following fields:

    • CVE (vulnerability) affecting Red Hat package

    • Red Hat package name and version (to include the Red Hat backported fix when applicable)

    • Red Hat Security (Impact) Rating (Critical, Important, Moderate, Low)

    • Red Hat state (Fixed, Affected or Not-Affected) and, if fixed, the corresponding RHSA with URL
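
A pre-submission check of a report against the fields listed above, as an added example that is not part of the original page or of any Red Hat tooling. The page does not define a JSON schema, so the key names (cve, package, version, severity, state, rhsa, rhsa_url) are hypothetical, and the sample findings are constructed with placeholder ids.

```python
import re

# Field names below are hypothetical; use the keys your scanner actually emits.
REQUIRED = ("cve", "package", "version", "severity", "state")
SEVERITIES = {"Critical", "Important", "Moderate", "Low"}
STATES = {"Fixed", "Affected", "Not-Affected"}
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
RHSA_RE = re.compile(r"^RHSA-\d{4}:\d{4,}$")


def check_finding(f):
    """Return a list of problems for one finding (empty list means it passes)."""
    problems = [f"missing field: {k}" for k in REQUIRED if not f.get(k)]
    if f.get("cve") and not CVE_RE.match(f["cve"]):
        problems.append(f"malformed CVE id: {f['cve']}")
    if f.get("severity") and f["severity"] not in SEVERITIES:
        problems.append(f"severity is not a Red Hat rating: {f['severity']}")
    state = f.get("state")
    if state and state not in STATES:
        problems.append(f"unknown state: {state}")
    if state == "Fixed":
        # A fixed finding must carry the advisory id and a link to it.
        if not RHSA_RE.match(f.get("rhsa") or ""):
            problems.append("state is Fixed but RHSA id is missing or malformed")
        if not str(f.get("rhsa_url") or "").startswith("https://"):
            problems.append("state is Fixed but RHSA URL is missing")
    return problems


def check_report(findings):
    """Map finding index -> problems, for the findings that fail."""
    results = {i: check_finding(f) for i, f in enumerate(findings)}
    return {i: p for i, p in results.items() if p}


# Constructed sample findings (not real scan output; ids are placeholders).
SAMPLE = [
    {"cve": "CVE-2099-0001", "package": "example-pkg", "version": "1.0-1.el8",
     "severity": "Important", "state": "Fixed", "rhsa": "RHSA-2099:0001",
     "rhsa_url": "https://example.invalid/errata/RHSA-2099:0001"},
    {"cve": "CVE-2099-0002", "package": "example-pkg", "version": "1.0-1.el8",
     "severity": "High", "state": "Fixed"},
    {"cve": "CVE-2099-0003", "package": "example-lib", "severity": "Low",
     "state": "Not-Affected"},
]

if __name__ == "__main__":
    print(check_report(SAMPLE))
```

The second sample finding fails because "High" is not one of the four Red Hat ratings and a Fixed state has no RHSA; the third fails because the package version is absent.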

STEP 5: The Red Hat certification team will analyse the results to move towards certification. It will take from 2 to 6 weeks after your submission for our team to review the report.

STEP 6: After the Red Hat certification team is satisfied with the accuracy of the scan results, the product is certified

STEP 7: The Red Hat certification team will provide a product listing template. Partners provide the details for the certified security product to showcase in the Red Hat Ecosystem Catalog (RHEC)

STEP 8: The Red Hat certification team will share the certification logo with partners to promote the certified product as Red Hat Certified Technology for Vulnerability Scanning

STEP 9: Repeat the steps and re-certify under the following conditions:

  1. If a new major version of the certified product is released

  2. If the test harness images for certification are updated (once a year)

*Appropriate partner communication will be generated if the test harness images for certification are updated.
