Merged
36 changes: 23 additions & 13 deletions modules/proc_container-security-operator-setup.adoc
@@ -1,27 +1,37 @@
[[container-security-operator-setup]]
= Scan pod images with the Container Security Operator
:_content-type: PROCEDURE
[id="container-security-operator-setup"]
= Scanning pod images with the Container Security Operator

Using the link:https://operatorhub.io/operator/container-security-operator[Container Security Operator],
(CSO) you can scan container images associated
with active pods, running on OpenShift (4.2 or later) and other Kubernetes
platforms, for known vulnerabilities. The CSO:
The link:https://operatorhub.io/operator/container-security-operator[Container Security Operator] (CSO) is an addon for the Clair security scanner available on {ocp} and other Kubernetes platforms. With the CSO, users can scan container images associated with active pods for known vulnerabilities.

* Watches containers associated with pods on all or specified namespaces
* Queries the container registry where the containers came from for vulnerability information provided an image’s registry supports image scanning (such as a Quay registry with Clair scanning)
* Exposes vulnerabilities via the ImageManifestVuln object in the Kubernetes API
[NOTE]
====
The CSO does not work without {productname} and Clair.
====

The Container Security Operator (CSO) performs the following features:

* Watches containers associated with pods on either specified or all namespaces.

Using the instructions here, the CSO is installed in the `marketplace-operators` namespace,
so it is available to all namespaces on your OpenShift cluster.
* Queries the container registry where the containers came from for vulnerability information (provided that an image's registry supports image scanning, such a a {productname} registry with Clair scanning).

* Exposes vulnerabilities via the `ImageManifestVuln` object in the Kubernetes API.

[NOTE]
====
To see instructions on installing the CSO on Kubernetes,
select the Install button from the link:https://operatorhub.io/operator/container-security-operator[Container Security OperatorHub.io] page.
====

== Run the CSO in OpenShift
[id="running-cso-openshift"]
== Downloading and running the Container Security Operator in {ocp}

Use the following procedure to download the Container Security Operator.

To start using the CSO in OpenShift, do the following:
[NOTE]
====
In the following procedure, the CSO is installed in the `marketplace-operators` namespace. This allows the CSO to be used in all namespaces of your {ocp} cluster.
====

. Go to Operators -> OperatorHub (select Security) to see the available `Container Security` Operator.
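
Review bot: The reworded bullet that begins "Queries the container registry" contains a doubled article, "such a a {productname} registry"; it should read "such as a {productname} registry". In the sentence introducing that list, "performs the following features" would read better as "provides the following features". The rewritten introduction also no longer carries the "OpenShift (4.2 or later)" minimum that the earlier wording stated; if that floor still applies, keep it in the new paragraph or in a prerequisites note so readers on older clusters are not left guessing.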
