Using the {rhq-cso}, you can access vulnerability scan results from the {product-title} web console for container images used in active pods on the cluster. The {rhq-cso}:

- Watches containers associated with pods on all or specified namespaces
- Queries the container registry where the containers came from for vulnerability information, provided an image’s registry is running image scanning (such as Quay.io or a Red Hat Quay registry with Clair scanning)
- Exposes vulnerabilities via the `ImageManifestVuln` object in the Kubernetes API

Using the instructions here, the {rhq-cso} is installed in the `openshift-operators` namespace, so it is available to all namespaces on your {product-title} cluster.