Red Hat Expands Red Hat Trusted Software Supply Chain
April 18, 2024

Red Hat announced updates to Red Hat Trusted Software Supply Chain.

These solutions advance the ability for customers to embed security into the software development life cycle, increasing software integrity earlier in the supply chain while adhering to industry regulations and compliance standards.

Red Hat Trusted Software Supply Chain delivers software and services that enhance an organization's resilience to vulnerabilities, enabling them to identify and address potential issues early and mitigate them before they can be exploited. Organizations are now empowered to more efficiently code, build, deploy and monitor their software using proven platforms, trusted content and real-time security scanning and remediation.

Based on the open source Sigstore project founded at Red Hat and now part of the Open Source Security Foundation, Red Hat Trusted Artifact Signer increases the trustworthiness of software artifacts moving through the software supply chain by enabling developers and stakeholders to cryptographically sign and verify the artifacts using a keyless certificate authority. With its identity-based signing through an integration with OpenID Connect, organizations can have greater confidence in the authenticity and integrity of their software supply chain without the overhead and hassle of managing a centralized key management system.

Red Hat Trusted Profile Analyzer simplifies vulnerability management by providing a source of truth for security documentation, including Software Bill of Materials (SBOM) and Vulnerability Exploitability Exchange (VEX). Organizations can manage and analyze the composition of software assets and documentation of custom, third party and open source software without slowing down development or increasing operational complexity.

Red Hat Trusted Application Pipeline combines the capabilities of Red Hat Trusted Profile Analyzer and Red Hat Trusted Artifact Signer, along with Red Hat’s enterprise-grade internal developer platform, Red Hat Developer Hub, to provide security-focused software supply chain capabilities that are pre-integrated into developer self-service templates. Red Hat Trusted Application Pipeline consists of a central developer hub of validated software templates and integrated guardrails that standardize and expedite onboarding of security-focused golden paths to increase trust and transparency at code-time.

Organizations can use the offering to verify pipeline compliance and provide traceability and auditability in the CI/CD process with an automated chain of trust that validates artifact signatures, and offers provenance and attestations. Enterprise contracts, with vulnerability scanning and policy checking directly from the CI/CD pipeline, can stop suspicious build activity from being promoted into production.

These offerings are available as self managed, on-premise capabilities and can be layered onto application platforms, such as Red Hat OpenShift, or consumed separately, offering flexibility and choice to meet developers specific needs.

Red Hat Trusted Artifact Signer and Red Hat Trusted Application Pipeline are generally available. Red Hat Trusted Profile Analyzer is available in tech preview, with general availability expected this quarter.

Share this

Industry News

May 01, 2024

Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.

May 01, 2024

Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.

May 01, 2024

ActiveState unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source.

May 01, 2024

Lineaje released Open-Source Manager (OSM), a solution to bring transparency to open-source software components in applications and proactively manage and mitigate associated risks.

May 01, 2024

Synopsys announced the availability of Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform®.

April 30, 2024

Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.

April 30, 2024

Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.

April 30, 2024

F5 announced new security offerings: F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments.

April 29, 2024

Code Intelligence announced a new feature to CI Sense, a scalable fuzzing platform for continuous testing.

April 29, 2024

WSO2 is adding new capabilities for WSO2 API Manager, WSO2 API Platform for Kubernetes (WSO2 APK), and WSO2 Micro Integrator.

April 29, 2024

OpenText™ announced a solution to long-standing open source intake challenges, OpenText Debricked Open Source Select.

April 29, 2024

ThreatX has extended its Runtime API and Application Protection (RAAP) offering to provide always-active API security from development to runtime, spanning vulnerability detection at Dev phase to protection at SecOps phase of the software lifecycle.

April 29, 2024

Canonical announced the release of Ubuntu 24.04 LTS, codenamed “Noble Numbat.”

April 25, 2024

JFrog announced a new machine learning (ML) lifecycle integration between JFrog Artifactory and MLflow, an open source software platform originally developed by Databricks.

April 25, 2024

Copado announced the general availability of Test Copilot, the AI-powered test creation assistant.