Certification Workflow

This section outlines the certification process for Red Hat Vulnerability Scanner Certification.

After completing the prerequisites partners should follow these steps to begin the certification process.

STEP 1: Contact certification team through the Partner Acceleration Desk :

  • Click on Create Case

  • Choose Product certification in Category

  • Select the option Red Hat Vulnerability Scanner Certification

STEP 2: Review certification requirements and "Technical Guidance on adopting Red Hat OVALv2" guide

STEP 3: Once partner security product has met all the certification requirements, partners should pull the following two certification test-harness container images:

Certification test-harness images:

Image 1:

Repository: registry.redhat.io/ubi8/python-27:2.7-218


podman pull registry.redhat.io/ubi8/python-27:2.7-218

docker pull registry.redhat.io/ubi8/python-27:2.7-218

Image 2:

Repository: registry.redhat.io/openshift4/ose-console:v4.13.0-202308040326.p0.g67543a2.assembly.stream


podman pull registry.redhat.io/openshift4/ose-console:v4.13.0-202308040326.p0.g67543a2.assembly.stream

docker pull registry.redhat.io/openshift4/ose-console:v4.13.0-202308040326.p0.g67543a2.assembly.stream

Note: Certification criteria is defined by Red Hat Product Security team and Red Hat Partner Connect team.

STEP 4: Scan test-harness images with partner's security product and submit the results in the machine readable format (preferred JSON) of the components and vulnerabilities found to Red Hat certification team through the ticket created in PAD.

Delivered report must be in the same format like any other scanner’s user will get, report cannot be manually corrected or adjusted.

  • Vulnerability scan report must include the following fields:

    • CVE (vulnerability) affecting Red Hat package

    • Red Hat package name and version (to include Red Hat backporting fix when applicable)

    • Red Hat Security (Impact) Rating (Critical, Important, Moderate, Low)

    • Red Hat state (Fixed, Affected or Not-Affected) and if fixed corresponding RHSA with URL

STEP 5: Red Hat certification team will analyse the results to move towards certification. It will take from 2 to 6 weeks after your submission for our team to review the report.

STEP 6: After Red Hat certification team is satisfied with the accuracy of the scan results the product is certified

STEP 7: Red Hat certification team will provide a product listing template. Partners provide the details for the certified security product to showcase in Red Hat Ecosystem Catalog (RHEC)

STEP 8: Red Hat certification team will share the certification logo with partners to promote certified product as Red Hat Certified Technology for Vulnerability Scanning

STEP 9: Re-iterate through steps and re-certify in the following conditions:

  1. If a new major version of the certified product is released

  2. If the test harness images for certification are updated (once a year)

*Appropriate partner communication will be generated in case the test harness images for certification are updated.

Last updated