Container Health Index: Red Hat’s standard for trusted containers

Red Hat introduced the Container Health Index, which provides a comprehensive image detail of any enterprise container service. The index grades all of Red Hat’s containerized products as well as the Red Hat base layer of containers from certified ISV partners, with Red Hat planning to certify containerized products from 20 ISVs within the next 90 days.

While container-based applications have begun moving into production, not all containers are created or maintained equally. Every container starts with a Linux base layer, which means that every ISV building container images is distributing Linux content. For these containers to be used in production environments, this content needs to be free from known vulnerabilities.

While other companies, including several Red Hat partners, offer container scanners to help identify security flaws, Red Hat goes further by providing a security impact metric, the Container Health Index, as well as access to updated container images addressing known security issues.

Healthy containers, backed by software security expertise

The Container Health Index includes the challenges of container maintenance. It provides an easy-to-understand grade (A to F) detailing how images should be consumed and evaluated for production systems, based in part on the age and impact of unapplied security errata across all components of a container.

Age plays a key role, as containers are functionally static content bundles and security issues emerge on a frequent basis; older, stale container images tend to be less secure (reflecting neglect or poor maintenance) while newer, fresh images are often more secure.

The aggregate ratings provided by the Container Health Index are more than just “pass-throughs” of external security data. They provide a concise picture of the impact (or nonimpact) posed by a given Linux container image, backed by the extensive knowledge and technical skill of Red Hat’s Product Security team in delivering more secure, enterprise-grade open source software.

Red Hat Container Catalog

The Container Health Index is an integrated part of the Red Hat Container Catalog, a service for discovering, distributing and consuming commercially-curated Linux container images. Providing a clear delineation between enterprise-class, production-ready containers and their potentially more risk-inducing counterparts, the Red Hat Container Catalog enables customers to easily attain a clear checklist of container contents and other detailed information including:

Container Health Index, a simple system to help enterprise users quickly assess how well-maintained and secure a given image is.

Extensive image metadata which goes far beyond image name and description to display the container’s full package list, build environment and complete registry information.

Image documentation to help users understand image usage in multiple environments, such as Red Hat OpenShift Container Platform or distribution via Red Hat Satellite.

Image advisories for quickly alerting users to any potential issues with a given image or included RPMs.