Well, hello everyone and welcome to another video of Red Hat OpenShift Container Platform featuring our partner ecosystem. My name is Dave Muir. I'm a principal solutions architect here at Red Hat focused on our security ISVs. And in this demo, I plan to show an integration between Snyk Container and Red Hat OpenShift, which empowers developers to easily find and fix vulnerabilities in containers within your OpenShift workloads. So we'll take a look at the Snyk and Red Hat solution overview. I'll give you a little bit of an architecture overview of the integration. And then we'll jump right into a demo of Snyk Container for OpenShift.
Thinking about DevSecOps and where Red Hat and our partners fit in, you can see Snyk is very complementary to the left-hand side of a DevOps pipeline, taking care of a lot of the application analysis or vulnerability and configuration management security functions that you need to think about in a journey to DevSecOps. And then you can see on the right-hand side, Red Hat covers a lot of the security methods in the running cluster. More specifically, Snyk helps you to shift security left and test images as they're created in the IDE. In source code management, Snyk helps you to link container images to their Dockerfiles and OpenShift configurations. Within CI/CD, you can integrate Snyk directly into your pipeline and use policies to break builds based on vulnerability discoveries. And in your container registries, you can scan images and continue to monitor for newly disclosed vulnerabilities. And then in the orchestration and running cluster, Snyk helps you to monitor those running container workloads within OpenShift pods.
If we take a look at the Snyk Container on Red Hat OpenShift architecture, you'll notice that Snyk has a certified operator. And when you deploy that operator, it can deploy a Snyk monitor, which can either be cluster scoped or namespace scoped.
And once deployed, it will scan the images that are found within your cluster or the namespace that you specify. Those scan results are then uploaded to the Snyk backend and we'll be able to view results in the Snyk UI. And we will all see this in the demo, which I'll go to right now.
All right, I'll jump on over to Red Hat OpenShift Container Platform. And the first thing I wanted to show you is the Snyk operator in the OperatorHub. So you can see there's a marketplace version, a community version, and then the certified Snyk operator shown here. If you're using RHPDS, this operator is already installed, and it'd be installed in a Snyk monitor project. You'll find that here in Installed Operators. And in this specific instance, the Snyk monitors are namespace scoped, which means we have installed the monitor on all the user projects that are created for the demo or workshop that you're planning to use. So for example, if we go to user one and look at workloads, you can see there's an instance of Snyk monitor running here alongside an example demo application called Goof, which is a web application that uses a Mongo database. And this helps to show the capabilities of Snyk.
Now, as I mentioned previously, the Snyk monitor can either be namespace scoped or cluster scoped. If it is cluster scoped, there's just one deployment of Snyk monitor which will test all the running workloads on every namespace or every project within your OpenShift cluster. These Snyk monitor containers communicate with the OpenShift API to determine which workloads are running, and it scans them and it sends results back to the Snyk server. You can scan all sorts of OpenShift workloads: deployments, deployment configs, daemon sets, jobs, replication controllers, pods. And to import those workloads into the back-end Snyk server, you can either select the workloads in the Snyk UI or they can be imported automatically using annotations.
So if we take a look at the Goof deployment, we have annotated this deployment with the appropriate Snyk annotation so that those results are imported automatically.
Okay, let's jump over to the Snyk UI and view the scan results. You can sign up for free at snyk.io. I'm actually part of the Red Hat Partner Organization. And if we go to the Projects tab, you'll see a list of deployments or projects that have been recently automatically imported from the cluster we just deployed. If we expand User 5 project here, you'll see a list of images used by this workload, and for workloads with multiple images, the top row aggregates the count of vulnerabilities across all those images. Now if we click the workload link itself, we can see details around the security posture of the workload configuration here on the top right.
Let's return to the Project tab and click the actual image name under User 5. If we scroll down, we can see the list of issues ordered by Snyk's priority score. Each card represents a vulnerability and displays things like the issue type, informative links, the Snyk Intel database, details on possible remediation if available, this new feature around if this vulnerability is trending or not in Twitter. Let's go up and switch to the Dependencies tab here. And we can see the container's dependency tree and these expand to show you what transitive dependencies were brought in.
Now let's return to the Issues tab here. And then just scroll up and we can see recommendations for upgrading the base image here. Snyk presents base image upgrade guidance grouped by how likely they are to be compatible with the application. So minor upgrades are the most likely to be compatible with little work. Major upgrades can introduce breaking changes depending on the image use. And then you might see alternative architecture images that are shown for more technical users to investigate.
One final thing to note here is that a benefit of using Snyk Monitor to monitor your running workloads is that once these projects are imported into the UI, Snyk will continue to monitor the workload, retesting for issues as new images are deployed and the workload configuration changes.
Okay, that does it for a quick demo. I wanted to jump back to the presentation and just show you again the architecture of Snyk Container on Red Hat OpenShift. So we saw that Snyk operator. It deployed the Snyk Monitor. In the case that you saw, it was namespace scoped. So you saw Snyk Monitor pods in every user project that we had. And once images are deployed, Snyk Monitor will scan those images and then send those results back to the Snyk backend where we saw a bunch of great stuff like the security posture of the workload, the vulnerabilities that are found in the image, the dependency tree and the transitive dependencies. And this is all backed by Snyk's Intel database.
Okay, I'd like to thank everyone for watching this demo of Snyk Container on Red Hat OpenShift. To learn more about this demo, please head on over to demo.openshift.com or the Red Hat page on snyk.io. Take care, everyone.