Use of Container Images Guidelines
Purpose
These guidelines apply to container images made available by Red Hat through our container catalog, specifically to images that have old build dates. Container images contain content and code maintained in upstream projects. Common Vulnerabilities and Exposures (CVEs) are fixed first in those upstream projects and platform products, creating a dependency for image maintainers. The older an image is, the greater the associated risk from unresolved vulnerabilities.
The following recommendations are intended to minimize risk and exposure to vulnerabilities.
Guidelines and recommendations
Leverage the Red Hat Container Health Index. Red Hat Product Security recommends that any consumer of container images note the following:
- Only use container images with an A/B rating. These images have current content, including fixed CVEs.
- The use of container images with a rating of C/D/E increases the risk of malware and vulnerabilities being introduced into containers deployed into production.
- Do not use container images with a security grade of F. These images have not been updated and contain a substantial number of vulnerabilities that have been fixed upstream and at the platform layer.