UBI9 Licensing & Compliance Analysis for FOLIO Project
https://folio-org.atlassian.net/browse/EUREKA-830
Executive Summary
Purpose: Assess legal and compliance implications of using Red Hat UBI9 within the FOLIO open-source project.
Date: October 16, 2025
Status: 🟢 Compliant
Red Hat’s Official Position
“Red Hat Universal Base Images (UBI) are OCI-compliant container base operating system images with complementary runtime languages and packages that are freely redistributable.”
“UBI images can be obtained from the Red Hat container catalog and be built and deployed anywhere.”
Key Findings
| Category | Status | Summary | Source |
|---|---|---|---|
| Redistribution | ✅ Allowed | “UBI components are freely redistributable.” (Section 37, UBI FAQ) | |
| Public Registries | ✅ Permitted | “You can distribute your images wherever and however you like.” | |
| Modification | ✅ Allowed (with conditions) | Modification of UBI layers is permitted if Red Hat trademarks are removed (EULA § 2). | |
| FIPS Mode | ✅ Supported | UBI9 leverages RHEL’s FIPS 140-2/3 validated cryptographic modules. | |
Compliance Summary
UBI9 fully satisfies FOLIO’s open-source and FIPS 140-3 compliance requirements.
The Red Hat EULA and FAQ explicitly authorize redistribution via public registries (e.g. DockerHub, GHCR), confirming UBI9 as a legally defensible base image for open distribution.
Red Hat UBI9 Licensing Overview
1. Licensing Foundation
“Subject to the terms of this Agreement, Red Hat grants to you a perpetual, worldwide, non-exclusive, no-charge, royalty-free license to use, reproduce, modify, distribute, and create derivative works of the Software.”
2. Redistribution Rights
“UBI components are freely redistributable so that anyone can deploy onto Red Hat or non-Red Hat platforms.”
Redistribution is unrestricted: it applies to all geographies, platforms, and users.
3. Open Source and Public Distribution
“UBI is freely redistributable for anyone to use, whether you’re a Red Hat customer or not. You can use it in your Dockerfiles, push it to your own registries, and deploy it in production.”
— Red Hat Blog – “Introducing the Red Hat Universal Base Image,” Aug 2024
✅ Supports FOLIO’s public registries such as DockerHub and GHCR.
4. Modification and Trademark Use
“The UBI EULA includes permission to use Red Hat trademarks when distributing unmodified images based on UBI. Modified images must remove Red Hat marks.”
FOLIO’s image layering approach (UBI9 base + open-source application) automatically satisfies this requirement.
FIPS 140-2/3 Compliance
“UBI shares the same security features as RHEL, including cryptographic validation and compliance for FIPS 140-2/3.”
— Red Hat Blog – “Why UBI is Crucial for a Standard Operating Environment,” 2024
FOLIO Impact:
UBI9 inherits RHEL’s validated cryptographic stack
Containers inherit host FIPS settings
Compliant on FIPS-enabled hosts
Compatibility with Open Source Registries
DockerHub
Status: ✅ Compliant
Redistribution permitted under EULA and FAQ.
Verified examples:
redhat/ubi9
GitHub Container Registry (GHCR)
Status: ✅ Compliant
Licensing supports OCI registries.
Public access requires no Red Hat subscription.
See UBI FAQ – Distribution Guidance.
Recommendations
Continue using UBI9 as FOLIO’s FIPS-compliant base image.
Supported by EULA and FAQ redistribution clauses.
FOLIO’s use of Red Hat UBI9 is fully compliant, legally defensible, and FIPS-secure.