This section outlines the certification process for Red Hat Vulnerability Scanner Certification.
After completing the prerequisites, partners should follow these steps to begin the certification process.
STEP 1: Contact the certification team at [email protected]
STEP 3: Once the partner security product has met all the certification requirements, partners should pull the following two certification test-harness container images:
podman pull registry.redhat.io/ubi8/nodejs-10:1-127
docker pull registry.redhat.io/ubi8/nodejs-10:1-127
STEP 4: Scan the test-harness images with the partner's security product and email a CSV (or similar) report of the packages and vulnerabilities found to the Red Hat certification team at [email protected]
The vulnerability scan report must include the following fields:
CVE (vulnerability) affecting Red Hat package
Red Hat package name and version (to include Red Hat backporting fix when applicable)
Red Hat Security (Impact) Rating (Critical, Important, Moderate, Low)
Red Hat state (Fixed, Affected or Not-Affected) and, if fixed, the corresponding RHSA with URL
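A pre-submission check of the report fields listed above, as an added example that is not part of the Red Hat documentation or tooling. The column names, the identifier patterns and the sample rows are assumptions made for this example; the page lists the fields but does not prescribe header names.

```python
import csv
import io
import re

# Column names are assumptions for this example, not a Red Hat specification.
REQUIRED = ["cve", "package", "version", "impact", "state", "rhsa", "rhsa_url"]
IMPACTS = {"Critical", "Important", "Moderate", "Low"}   # ratings named on the page
STATES = {"Fixed", "Affected", "Not-Affected"}           # states named on the page
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
RHSA_RE = re.compile(r"^RHSA-\d{4}:\d{4,}$")             # assumed advisory id shape


def validate_report(text):
    """Return a list of (line_number, message) problems found in a CSV report."""
    reader = csv.DictReader(io.StringIO(text), restval="")
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return [(1, "missing columns: " + ", ".join(missing))]
    problems = []
    for row in reader:
        n = reader.line_num
        if not CVE_RE.match(row["cve"].strip()):
            problems.append((n, "malformed CVE id"))
        if not row["package"].strip() or not row["version"].strip():
            problems.append((n, "package name and version are required"))
        if row["impact"].strip() not in IMPACTS:
            problems.append((n, "impact must be Critical, Important, Moderate or Low"))
        state = row["state"].strip()
        if state not in STATES:
            problems.append((n, "state must be Fixed, Affected or Not-Affected"))
        elif state == "Fixed":
            # A Fixed finding must carry the advisory id and its URL.
            if not RHSA_RE.match(row["rhsa"].strip()):
                problems.append((n, "Fixed row needs an RHSA id"))
            if not row["rhsa_url"].strip().startswith("https://"):
                problems.append((n, "Fixed row needs an RHSA URL"))
    return problems


# Constructed sample rows (not real scan output; ids and URLs are placeholders).
SAMPLE = """cve,package,version,impact,state,rhsa,rhsa_url
CVE-2000-0001,examplepkg,1.0-1.el8,Important,Fixed,RHSA-2000:0001,https://example.invalid/RHSA-2000:0001
CVE-2000-0002,examplepkg,1.0-1.el8,High,Affected,,
CVE-2000-0003,otherpkg,2.3-4.el8,Low,Fixed,,
"""

if __name__ == "__main__":
    for line, msg in validate_report(SAMPLE):
        print(f"line {line}: {msg}")
```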
STEP 5: The Red Hat certification team will analyze the results to move towards certification
STEP 6: After the Red Hat certification team is satisfied with the accuracy of the scan results, the product is certified
STEP 7: The Red Hat certification team will provide a product listing template. Partners provide the details for the certified security product to showcase in the Red Hat Ecosystem Catalog (RHEC)
STEP 8: The Red Hat certification team will share the certification logo with partners to promote the certified product as Red Hat Certified Technology for Vulnerability Scanning