Certification Workflow Guide
Last updated
Last updated
This section outlines the certification process for Red Hat Vulnerability Scanner Certification.
After completing the prerequisites partners should follow these steps to begin the certification process.
STEP 1: Contact certification team through the :
Click on Create Case
Choose Product certification in Category
Select the option Red Hat Vulnerability Scanner Certification
STEP 3: Once partner security product has met all the certification requirements, partners should pull the following two certification test-harness container images:
Vulnerability scan report must include the following fields:
CVE (vulnerability) affecting Red Hat package
Red Hat package name and version (to include Red Hat backporting fix when applicable)
Red Hat Security (Impact) Rating (Critical, Important, Moderate, Low)
Red Hat state (Fixed, Affected or Not-Affected) and if fixed corresponding RHSA with URL
STEP 5: Red Hat certification team will run the Precheck tool, this will ensure that the basic scanner requirements are fulfilled.
STEP 6: If the precheck tool results are succesful, Red Hat certification team will analyse in details the results to move towards certification. It will take from 2 to 6 weeks after your submission for our team to review the report.
STEP 7: After Red Hat certification team is satisfied with the accuracy of the scan results the product is certified
STEP 9: Red Hat certification team will share the certification logo with partners to promote certified product as Red Hat Certified Technology for Vulnerability Scanning
STEP 9: Re-iterate through steps and re-certify in the following conditions:
If a new major version of the certified product is released
If the test harness images for certification are updated (once a year)
*Appropriate partner communication will be generated in case the test harness images for certification are updated.
STEP 2: Review guide
Repository:
podman pull
docker pull
Repository:
podman pull
docker pull
STEP 4: Scan test-harness images with partner's security product and submit the results in the machine readable format (preferred CSV) of the components and vulnerabilities found to Red Hat certification team through the ticket created in .
STEP 8: Red Hat certification team will provide a product listing template. Partners provide the details for the certified security product to showcase in (RHEC)