Hi again Red Hat Developers, this is Jason from the Red Hat Developers Program. Here we are at Summit 2017 at the Dev Zone, and we have Dirk Herrmann from Red Hat, who's going to talk to us about the Red Hat Container Catalog.

As it's stated on the slide, I will talk a little bit about the Red Hat Container Catalog in a specific context: how to identify the right base images you can pick for your application. So in case you are not aware of the Container Catalog at all and haven't heard about it, what are the key challenges? Some of them already got mentioned in the previous presentation. So the challenge is that there are a lot of public registries out there, and everybody can pull images from somewhere and get them and run them and build something on top of them. And we as Red Hat look at this as a certain risk, because you typically don't know what's inside, who's updating it, who's maintaining it, who's responsible for providing updates and fixes and stuff like that. And this is the whole idea of the Red Hat Container Catalog.

So if you're not familiar with what we as Red Hat are doing: we are not only pushing more than 1,500 images in 227 repositories into our registry, we provide a lot of additional value around it. So we have thousands of KBase articles and product documentation. We are regularly updating our images based on the great work of our Red Hat Product Security team, which provides a lot of additional information around security vulnerabilities around our images. So just so that you have some numbers in your mind, last year we fixed more than 97 critical security advisories just in RHEL. And the good news is we fixed 100% of critical security advisories in RHEL in less than one day. So if you look at this, you will probably get a better impression. There is much more than just the image itself and the image metadata and the metadata coming out of the repository or registry.
So we have security data, we have documentation, we have a lot of other metadata we can provide. And this has been the starting point for the Red Hat Container Catalog, which is a cross-team effort. We work with more than 10 different teams across four different organizations in Red Hat. We followed a design-driven model to develop the thing, clearly focusing on user experience. So we started long before we started to develop the final web UI. We worked on wireframes, user stories, target personas and stuff like that.

So the key features of the Red Hat Container Catalog are the Container Health Index; we made a press release earlier today around this particular piece. We have extensive image and repository metadata, and we are automatically adding image documentation surrounding this image. And of course we are leveraging our Red Hat advisories.

So I've added some of the user stories and target personas here and also tried to map them better to different life cycle steps. So the first step is typically that somebody comes through Red Hat to the Container Catalog or to the Customer Portal and he just wants to better understand: what's inside the Container Catalog, what's inside the Red Hat Registry, what can I get there, and especially, I'm searching for a particular Red Hat Enterprise Linux base image. So this is a typical starting point, and basically we provide two different options to find images in the Container Catalog. One, which is shown on the right side, is the Explore path, where we provide some guidance around popular application categories, image architecture categories, some basic statistics and popular products. On the left side you can see a very powerful search, where you can use the filter facets shown on the left side to shrink down the search results to exactly what you are looking for.
So in case you are looking for a base image, you can either use the filter facets on the left side, the image architecture category "base image", or you can click on the corresponding tile on the Red Hat Container Catalog Explore page. If you click on the Explore page tile you will see this base image overview page, which basically gives you a little bit of a description of what a base image is all about. So this is something Scott McCarty wrote up, and we are highlighting the two main base images we as Red Hat provide and compare them side by side.

Below on this page you will see the list of all the Red Hat repositories we ship, or Red Hat Enterprise Linux repositories, and it might be a little bit confusing that you see 10 results if you hide beta and deprecated repositories. This has something to do with our RHEL or Red Hat Enterprise Linux repository structure. So we ship the latest version into the top-level repository called RHEL. We have a special repository, RHEL Atomic, we have major release repositories and we have minor release repositories. The minor release repositories are getting deprecated over time, and we clearly mark them as deprecated in the Container Catalog with warnings and guidance on which repositories should be used instead.

If you already found what you are looking for, you probably want to see a little bit more details: key characteristics, what is the surrounding documentation, what can I do with it, and how can I learn more about it. If you go to the repository overview page you will see a lot of details there in an overview table, and you might notice the additional tabs for surrounding documentation, for all the tags or image versions inside your repository, and some technical details coming out of the data inside the image. So if you decided you want to pick one particular image, you have multiple options to consume this image.
So it's much more than just docker pull or atomic run or OpenShift; we provide additional guidance for different runtime environments, and we have this surrounding documentation tab, which also includes a lot of documentation on how to pull and use it. So as I mentioned, the multiple, what we call, acquire paths provide guidance on how to consume those images for different runtime environments and registries. So this is the Satellite 6 template shown here, which provides some guidance on how you can synchronize the entire repository or an individual image into Satellite 6 running in your on-premise environment so that you can consume the images from there.

If you already synced it, you probably want to better understand how you can use and maintain those images over time. And this brings me back to the search overview page. So you can search for nearly everything. So the search is probably the most powerful element in the Container Catalog. You can search for images, namespaces, repositories, you can search for products, you can search for image IDs, for advisory IDs, for categories, keywords and so on and so on. The type-ahead options are supposed to support you in finding the most relevant items in the Container Catalog. The filter facets on the left side can be used to come down to the most relevant search result, and you get back a list of key data results for the repositories shown.

One of the items you might have noticed on the search result is the grade. So if I go back to the previous slide you will see most of the time A, and there's one B image, which you can see in the middle. And this is what we call the Container Health Index. So we made a press release earlier today around the Container Health Index. So basically, if you look at container images, container images are static content bundles, which means if we ship them into our registry, by definition they are getting outdated over time.
It's automatic; nothing can prevent the image from getting outdated over time, because the static content bundle meets security issues, which emerge frequently. And I put some numbers in there so that you can better understand what we are doing with the Container Health Index. So basically we have more than 2,000 images in our registry, and we will add ecosystem images very soon, and more than 500,000 RPM packages are inside those images. On the other hand we have more than 3,000 advisories with more than 5,000 unique CVEs we can compare those image content bundles against. As a reminder, last year 97 critical security advisories came out, and if a critical security advisory comes out, this immediately shows up in the Container Catalog, nearly in real time; we need some time so that we can process it. But you will see that this image is affected by this particular content update inside, and the grade goes down to B immediately.

So the health index indicators are on the one hand the age of the image, and on the other hand the unapplied updates where a CVE is attached to it. So we are focusing on security data. It doesn't matter if it's a security advisory; there are also bug fix and enhancement advisories that CVEs are attached to, and we are parsing them as well. So basically, again, we developed this as a cross-team effort, of course with the help of our Product Security team, who by the way developed the initial prototype of this piece, and the idea is to reduce complexity, or to provide complex security data in a simplified way, with one letter health index grade. And we are leveraging all the Red Hat security data we provide, so all the advisories for all RPMs inside the images for all products, and this provides actionable scan results, and I will explain a little bit better what that means.

So if you look at the tag index page, where you see all the image versions inside the repository, you might notice the health index history graph over time, which shows what we as Red Hat are doing.
So if there's a critical security advisory coming out which impacts one of the images, you will see that the freshness grade goes down to B, but at the same time we are starting to respin this image. As you see in this screenshot, probably in most of the cases we are able to bring it back to A by shipping a newer image version, just because we have all the data we need to maintain those images. And then you can see that all the versions inside the same repositories have a worse freshness grade, so in this case C, and this is typically true for all the images.

Again, you can search for an image ID, and you will see which freshness grade the image ID or the image version you are currently using currently has. If you search for an image ID and come to the particular tag details page for this particular tag or image version, you will see by default the security details tab. If it's not the current version, you will see a warning pointing you to the most current version inside the repository. You will see the health index with a short summary of what exactly this particular letter grade means, you will see the applicable vulnerabilities by advisory severity, and you will get a full list of the advisories. And the most powerful thing is on the bottom right side: besides having the list of the advisories for the RPM content inside, which helps you get rid of the fix, we provide information on which image version this fix is contained in as well. So basically, if you want to get rid of one of the security advisories listed at the bottom of this page, you can apply the image version, or at least this image version, which is shown in the applicable updates table.

So this is the Red Hat Container Catalog in a very brief summary. There's much more we can talk about. If you have any questions, want to file a feature request or have some other feedback, please don't hesitate to stop by at the UXD booth. It's right over there. I will be there most of the time together with Dash Copeland, who is one of our leaders. Thanks a lot for your patience.