catalog.redhat.com
2a02:26f0:480:d::210:f146
Public Scan
Submitted URL: https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8-minimal/images/8.6-854
Effective URL: https://catalog.redhat.com/
Submission: On March 25 via api from GB — Scanned from GB
Form analysis
1 forms found in the DOM
<form class="pf-c-form" style="margin-top:16px" id="ecoFeedbackForm"><input type="hidden" name="form_build_id" value="form-Se0bIPh-L26lbPDwUP218Z2oRfKjEYbIRvKBM4Eo1R8"> <input type="hidden" name="form_token"
value="w3-skVyKDZSGJUXAawp-QF6jqc-WeSZqCxXqWnqMaBg"> <input type="hidden" name="form_id" value="rhec_feedback_entityform_edit_form">
<div style="display:flex" class="mobile-stack">
<div class="pf-c-form__group" style="flex:1;padding-right:16px"><label class="pf-c-form__label" for="field_eco_company[und][0][value]"><span class="pf-c-form__label-text">Your company/organization</span></label>
<div class="pf-c-form__horizontal-group"><input class="pf-c-form-control" id="company" name="field_eco_company[und][0][value]"></div>
</div>
<div class="pf-c-form__group" style="flex:1"><label class="pf-c-form__label" for="field_eco_role[und][0][value]"><span class="pf-c-form__label-text">Your role</span></label>
<div class="pf-c-form__horizontal-group"><select class="pf-c-form-control" style="padding-left:8px" id="role" name="field_eco_role[und][0][value]">
<option value="">Select your role</option>
<option value="Architect">Architect</option>
<option value="Developer">Developer</option>
<option value="DevOps Engineer">DevOps Engineer</option>
<option value="Product Manager">Product Manager</option>
<option value="Systems Administrator">Systems Administrator</option>
<option value="Other">Other</option>
</select></div>
</div>
</div>
<div class="pf-c-form__group"><label class="pf-c-form__label" for="field_eco_what_is_working_well[und][0][value]"><span class="pf-c-form__label-text">What is working well?</span></label>
<div class="pf-c-form__horizontal-group"><textarea class="pf-c-form-control" type="text" id="workingWell" name="field_eco_what_is_working_well[und][0][value]" aria-label="textarea example"></textarea></div>
</div>
<div class="pf-c-form__group"><label class="pf-c-form__label" for="field_eco_how_can_we_improve[und][0][value]"><span class="pf-c-form__label-text">How can we continue to improve?</span></label>
<div class="pf-c-form__horizontal-group"><textarea class="pf-c-form-control" type="text" id="toImprove" name="field_eco_how_can_we_improve[und][0][value]" aria-label="textarea example"></textarea></div>
</div>
<div class="pf-c-form__group"><label class="pf-c-form__label" for="field_eco_email[und][0][value]"><span class="pf-c-form__label-text">Email address (optional)</span></label>
<div class="pf-c-form__horizontal-group pf-c-form__horizontal-group--email"><input class="pf-c-form-control" type="email" id="email" name="field_eco_email[und][0][value]">
<p>We may follow up with you if we need more information to act on your feedback.</p>
</div>
</div>
<div class="pf-c-form__group hidden"><label class="pf-c-form__label" for="field_eco_describe_your_issue[und][0][value]"><span class="pf-c-form__label-text">Describe your issue (optional)</span></label>
<div class="pf-c-form__horizontal-group"><textarea class="pf-c-form-control" type="text" id="toDescribeIssue" name="field_eco_describe_your_issue[und][0][value]" aria-label="textarea example"></textarea></div>
</div>
<div class="pf-c-form__group">
<div class="pf-c-form__actions">
<div class="cover-spinner__container"><pfe-progress-indicator indeterminate="" size="md" pfelement="" class="PFElement" on="light"></pfe-progress-indicator></div><button class="pf-c-button pf-m-primary" id="ecoFeedbackFormSubmitBtn"
disabled="true">Submit</button> <button class="pf-c-button pf-m-secondary" type="button" id="modalClose">Cancel</button>
</div>
</div>
</form>
Text Content
TESTED. CERTIFIED. SUPPORTED.
Build on Red Hat platforms and technologies with certified, enterprise-grade products you need to achieve your business outcomes. We make it easy for you to explore and find certified products from our large and robust ecosystem of enterprise hardware, software, and cloud and service providers.

BROWSE BY PLATFORM
The leading enterprise Linux operating system, certified on hundreds of clouds and with thousands of vendors.
Red Hat® OpenShift® is an enterprise-ready Kubernetes container platform with full-stack automated operations to manage hybrid cloud, multicloud, and edge deployments.
Red Hat® OpenStack® Platform virtualizes resources from industry-standard hardware, organizes those resources into clouds, and manages them so users can access what they need—when they need it.
Red Hat® Ansible® Automation Platform is a foundation for building and operating automation across an organization.

STABLE ANYWHERE.
AVAILABLE EVERYWHERE.
Red Hat Enterprise Linux 9 has arrived. Browse the latest products certified for Red Hat Enterprise Linux 9.

BROWSE BY CATEGORY

CERTIFIED HARDWARE
Bare metal, appliances, and other hardware from Red Hat partners is certified and supported for Red Hat technologies.

CERTIFIED SOFTWARE
OpenShift operators, containerized applications, and traditional software certified to run on Red Hat platforms.

CERTIFIED CLOUD AND SERVICE PROVIDERS
Run your applications on Red Hat platforms and technologies in supported clouds and cloud service providers.

RED HAT BLOGS

10 TIPS FOR WRITING SECURE, MAINTAINABLE DOCKERFILES
By Anthony Gimei | Published Thu, 23 Mar 2023 07:00:00 +0000

This article provides tips and best practices for creating secure Dockerfiles that are highly maintainable. Like code, Dockerfiles change over time and, therefore, should be written in such a way that makes them easy to update in the future. It is also important that the images that they create are secure and do not contain unnecessary vulnerabilities that increase the attack surface for your application. The image produced should be as small as possible because the image(s) must be stored remotely and transported in the network. Also, they must not be bloated. Finally, the Dockerfile, like any well-written code, should be easy to understand and use.

10 TIPS AND BEST PRACTICES FOR DOCKERFILES
The following list describes tips and best practices for creating secure Dockerfiles that are highly maintainable.

1. USE THE CURRENT RELEASE BASE UPSTREAM IMAGE
Always use the most current release base upstream image to provide security. Red Hat recommends:
* Use the latest release of a base image. This release should contain the latest security patches available when the base image is built.
When a new release of the base image is available, rebuild the application image to incorporate the base image's latest release because that release contains the latest fixes.
* Conduct vulnerability scanning. Scan a base or application image to confirm that it doesn't contain any known security vulnerabilities.

2. USE A SPECIFIC IMAGE TAG OR VERSION
Use a specific tag or version for your image, not "latest". This gives your image traceability. When troubleshooting the running container, the exact image will be obvious. Examples:
* Do this: nginx:1.23.1
* Don't do this: nginx:latest

3. RUN IMAGES AS USER
For security purposes, always ensure that your images run as non-root by defining USER in your Dockerfile. Additionally, set the permissions for the files and directories to the user. Because the Docker daemon runs as root, the Docker images run as root by default. This means if a process in the container goes rogue or gets hijacked and accesses the host, it will run with root access. This is certainly not secure. However, Podman is daemonless and rootless by design and, therefore, more secure. The following is an example.
* Add USER to your Dockerfile.
* Skipped configurations are indicated by: ...

    ...
    # Set ownership and group permissions while still root, then drop to the non-root user
    RUN chown -R 1001:0 /some/directory && \
        chmod -R g=u /some/directory
    USER 1001
    ...

4. CHOOSE BASE IMAGES WITHOUT THE FULL OS
Always choose the smallest base images that do not contain the complete or full-blown OS with system utilities installed. You can install the specific tools and utilities needed for your application in the Dockerfile build. This will reduce possible vulnerabilities and the attack surface of your image.

5. USE MULTI-STAGE DOCKERFILES
Build images using multi-stage Dockerfiles to keep the image small. For example, for a Java application running in Open Liberty, use one stage to do the compile and build, and another stage to copy the binary artifact(s) and dependencies into the image, discarding all nonessential artifacts.
As another example, for an Angular application, run the npm install and build in one stage and copy the built artifacts in the next stage.
* Example: Open Liberty Java application

    FROM registry.access.redhat.com/ubi8/openjdk-8:latest as builder
    USER 0
    WORKDIR /tmp/app
    COPY src/ src/
    COPY pom.xml pom.xml
    RUN mvn clean package
    ...
    FROM quay.io/ohthree/open-liberty:22.0.0.4
    ...
    COPY --from=builder /tmp/app/src/main/liberty/config/server.xml /config/
    COPY --from=builder /tmp/app/target/*.war /config/apps/
    RUN \
        chown -R 1001:0 /config && \
        chmod -R g=u /config
    # Run as non-root user
    USER 1001
    EXPOSE 9081

6. USE DOCKER IGNORE FILE
Use a .dockerignore file to ignore files that do not need to be added to the image.

7. SCAN FOR VULNERABILITIES
Scan your images for known vulnerabilities.
* Podman integrates with multiple open-source scanning tools. For example, you can use Snyk or Trivy.
* Docker integrates with its own plugin on the local machine. Install the plugin, then run the following command:

    $ docker scan myappimage:1.0

8. AUTOMATE SCANS
Automated scanning tools should also be implemented in the CI pipeline and on the enterprise registry. We also recommend deploying runtime scanning on applications in case a vulnerability is uncovered in the future.

9. ORGANIZE YOUR DOCKER COMMANDS
Organize your Docker commands, especially the COPY command, in such a way that the files that change most frequently are at the bottom. This takes advantage of the Docker build cache and speeds up future builds. Each Docker build command creates a layer that is cached to be reused in the next build. The caveat is that, in a subsequent build, if a command encounters a change, all commands after it will run again and recreate new layers and caches, replacing the old ones even if they did not contain any changes. Having the most volatile COPY statements later in the Dockerfile maximizes build caching.
10. CONCATENATE RUN COMMANDS
Concatenate RUN commands to make your Dockerfile more readable and create fewer layers. Fewer layers mean a smaller container image. As mentioned previously, each RUN statement in the Dockerfile creates a layer that gets cached. Concatenating reduces the number of layers. The following are examples of what to do and not to do.
* Don't do this:

    ...
    # Repository options apply per yum invocation, so each command carries them
    RUN yum --disablerepo=* --enablerepo="rhel-7-server-rpms" update -y
    RUN yum --disablerepo=* --enablerepo="rhel-7-server-rpms" install -y httpd
    ...

* Do this instead:

    ...
    RUN yum --disablerepo=* --enablerepo="rhel-7-server-rpms" update -y && yum --disablerepo=* --enablerepo="rhel-7-server-rpms" install -y httpd
    ...

* Even better, do this for readability:

    ...
    RUN yum --disablerepo=* --enablerepo="rhel-7-server-rpms" update -y && \
        yum --disablerepo=* --enablerepo="rhel-7-server-rpms" install -y httpd
    ...

FIND MORE RESOURCES
We hope that these tips will help you build more secure Dockerfiles. Visit the Docker website for more information. See what we are doing on the Red Hat Developers Site. You can learn more about containerizing applications at Red Hat DO 180 training. If you have a question, feel free to comment below. We welcome your feedback.

The post 10 tips for writing secure, maintainable Dockerfiles appeared first on Red Hat Developer.

RED HAT MARKETPLACE
Red Hat® Marketplace is a single source to try, buy, and manage certified operators for Red Hat OpenShift®. It offers responsive support, streamlined billing and contracting, simplified governance, and a single dashboard across clouds.

WHY CHOOSE RED HAT CERTIFIED SOLUTIONS?
Built and tested to exacting standards. Ready to deploy in your environment with confidence. Detailed interoperability, compatibility, and security details to choose the right solutions for your business needs. Fully supported by the provider while maintaining your relationship with Red Hat’s global support services.
PARTNER WITH RED HAT
We provide a variety of partner resources to assist you through the certification process to deliver the best possible experience to our mutual customers. Join the Red Hat Certified Ecosystem and showcase your product to millions of potential clients, customers, sellers, and developers. Learn more about how Red Hat Partner Connect can help you succeed

Timestamp: Wed Mar 22 16:09:50 UTC 2023 SHA: head Version: 1.193

ABOUT RED HAT ECOSYSTEM CATALOG
The Red Hat Ecosystem Catalog is the official source for discovering and learning more about the Red Hat Ecosystem of both Red Hat and certified third-party products and services. We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.