Red Hat and Black Duck Collaborate to Eliminate Vulnerabilities in Containers

By CIOReview | Wednesday, October 21, 2015

RALEIGH, N.C.: Red Hat has announced a collaboration with Black Duck Software, a provider of automated solutions for securing and managing open source software, to provide a secure and trusted model for containerized application delivery.

The collaboration aims to establish a secure and trusted model for containerized application delivery by certifying containers that are free from vulnerabilities and include only certified content. Enterprise-level Deep Container Inspection, combined with certification, policy and trust, will be integral to the development, deployment and management of containers. Black Duck’s ability to identify and assess open source vulnerabilities is the key driver behind the collaboration.

As container adoption by enterprises grows at a rapid pace, worries about the integrity and security of container applications deepen. Security concerns such as provenance, certification, policy and trust have surfaced as challenges for enterprises in container adoption. A recent survey by Red Hat sheds light on industry concerns pertaining to container security, certification and image provenance.

The companies plan to integrate Black Duck’s container scanning and open source security vulnerability-mapping software, Black Duck Hub, with OpenShift, Red Hat’s Platform-as-a-Service (PaaS) offering, to provide reports and data on potential vulnerabilities present in container images made available in the OpenShift registry.

OpenShift is an enterprise-ready, web-scale container application platform based on Docker-formatted Linux containers, Kubernetes orchestration, and Red Hat Enterprise Linux. When combined with the Black Duck Hub, OpenShift lets users consume, develop and run containerized applications with more confidence and security. Furthermore, the companies plan to include Black Duck technologies as a set of complementary services within Red Hat’s current container certification workflow for application builders such as Independent Software Vendors.

“A significant part of an enterprise-ready container strategy is the ability to trust the code across the entire lifecycle of a containerized application, from development to management. Red Hat and Black Duck are extending the value of Red Hat’s platform and certification process to the broader developer community and our customers in addition to our robust partner ecosystem,” says Lars Herrmann, General Manager, Integrated Solutions, Red Hat. “This collaboration demonstrates Red Hat’s continued commitment to delivering not only Linux container-based innovation, but also the tools and ecosystem to help enterprises adopt containerized applications that are secure, certified and supported.”