Red Hat and Black Duck Partner on Open Source Container Security

Plan to devise new way to screen containerized apps on Docker and other platforms for security vulnerabilities

Christopher Tozzi, Technology Analyst

October 22, 2015

Red Hat corporate headquarters in Raleigh, North Carolina (Photo: Red Hat)



This post originally appeared at The Var Guy

As container adoption via platforms such as Docker grows, who will keep containers free of security vulnerabilities? That's the quandary Red Hat and Black Duck hope to solve through a partnership that focuses on security for open source containers.

Security issues in the container market are a real concern. A study by BanyanOps found this year that 30 percent of the images in the official Docker repository contain "high priority security vulnerabilities." That risk is not lost on executives or IT admins, who cited security problems as a leading obstacle to container adoption in a survey Red Hat conducted this summer.

On Oct. 21, Red Hat and Black Duck announced a collaboration to screen containerized apps for security vulnerabilities and certify them to be free of risks. The offering will be based on Black Duck Hub, a service for scanning containers for security vulnerabilities, in combination with Red Hat's OpenShift PaaS platform.

The companies also say that they "plan to include Black Duck technologies as a set of complementary services within Red Hat’s current container certification workflow for application builders such as Independent Software Vendors (ISVs)." That effort will be part of Red Hat's comprehensive enterprise-focused container certification strategy, which it introduced in spring 2015.

Both companies see this move as a way to speed enterprise adoption of containers, especially those based on Linux and open source technologies. "A significant part of an enterprise-ready container strategy is the ability to trust the code across the entire lifecycle of a containerized application, from development to management," said Lars Herrmann, general manager, Integrated Solutions at Red Hat. "This collaboration demonstrates Red Hat’s continued commitment to delivering not only Linux container-based innovation, but also the tools and ecosystem to help enterprises adopt containerized applications that are secure, certified and supported."

Black Duck CEO Lou Shipley added, "Container technology is another breakthrough in the constant drive to increase development agility and get products to market more quickly. Speed and agility are key drivers for container adoption in the enterprise, but not at the expense of security. The Black Duck-Red Hat collaboration is rooted in the collective value that we deliver from an open source perspective, by helping to make containers safe for enterprise use."


About the Author(s)

Christopher Tozzi

Technology Analyst, Fixate.IO

Christopher Tozzi is a technology analyst with subject matter expertise in cloud computing, application development, open source software, virtualization, containers and more. He also lectures at a major university in the Albany, New York, area. His book, “For Fun and Profit: A History of the Free and Open Source Software Revolution,” was published by MIT Press.
