
Red Hat Project Hummingbird For CVE-Free, Ready-to-Deploy Container Images

Project Hummingbird aims to remove the worry and streamline the deployment of secure container images for cloud-native teams.


Red Hat just offered to make things a little easier for cloud-native-focused DevOps and CI/CD teams. On Wednesday, the company announced Project Hummingbird to supply subscription customers with a catalog of small, hardened container images pre-loaded with everything from runtimes to web servers and everything in between.

The program focuses on safety and ease of use, and also on removing all pre-deployment question marks. The images are stripped of non-essential components, ship free of known vulnerabilities, and arrive with functionality testing already completed.

“As supply chain attacks grow in prominence, organizations are often forced to choose between moving fast and maintaining security posture,” Gunnar Hellekson, Red Hat’s VP and GM of Red Hat Enterprise Linux, said in a statement. “Project Hummingbird is designed to remove that trade-off by providing a minimal, trusted, and transparent zero-CVE foundation for building cloud-native applications. This limits vulnerabilities so development and IT security teams have a clear, direct path to business value with speed, agility, security, and peace of mind.”

Right now the project is being offered as an early access program for Red Hat subscription customers, but the company said that when the project is released for general availability, full production support will be available to subscription customers. After GA, unsupported Project Hummingbird images will be available and redistributable, following a model used for other Red Hat offerings such as its Universal Base Image.

Hummingbird Tricks

It appears that with Project Hummingbird the company is attempting to make the minutiae of deploying cloud-native side items as easy as picking an image off a shelf. Red Hat says the catalog represents a curated selection of the containers most requested by Red Hat customers. This includes images with languages and runtimes (.NET, Go, Java, Node, etc.), databases (MariaDB, PostgreSQL, and others), web servers and proxies (Nginx, Caddy, and more), as well as other necessary components for modern application stacks.

“By offering these leaner, production-ready images, Project Hummingbird intends to reduce the time and effort spent on package integration and vulnerability management, freeing up resources to focus on faster, more effective innovation,” Red Hat said in a press statement.

More than Just Ready-to-Go Containers

Red Hat stresses that this offering is about more than just offering ready-to-use container images, and points to intangibles that come with these images:

  • “Zero-CVE” status: Project Hummingbird’s images are free of known vulnerabilities, and the functionality testing verifies that they’re useful and stable.
  • Complete software bill of materials: The inclusion of SBOMs means users are able to verify an image’s contents to meet compliance requirements.

As of now, Red Hat hasn’t indicated when the project will reach general availability.
