DEVOPSdigest

Rancher Government Solutions launched Rancher Government Carbide, a supply chain security solution, in response to increasing threats to the nation’s software supply chain.

Carbide simplifies Kubernetes security management by providing a better, more standardized way for users to verify and validate that their software is safe and secure.

Rancher Government Carbide secures the software supply chain by verifying provenance back to a trusted entity using a centralized secure container registry for end users, validated by a secured signing key. In addition, Carbide’s pipeline utilizes tools for vulnerability scanning and generating software bills of materials (SBOMs). Furthermore, Carbide supports a Kubernetes management platform and distribution with Security Technical Implementation Guides (STIGs) validated and published by DISA (Rancher MCM 2.6 & RKE2).

“At Rancher Government Solutions, we know securing the software supply chain is mission critical to our federal customers, particularly given the increased frequency of attacks,” said Brandon Gulla, Vice President and Chief Technology Officer at Rancher Government Solutions. “We built Carbide to provide security validation capabilities directly to our customers and give them a clear, easy way to confidently answer difficult questions about the security posture of their Kubernetes environments.”

STIGATRON is a tool within Carbide built to validate that downstream clusters are secure. By automatically scanning downstream clusters from the centralized Rancher Manager and comparing them to the STIG cluster, STIGATRON alleviates the obstacles system administrators face in the validation process, enabling automated compliance with the security standards of the federal government.

“Given that software is critical to daily operations, the need to balance security with innovation is essential,” said Lynne Chamberlain, President and CEO of Rancher Government Solutions. "This is why our team developed Rancher Government Carbide: to simplify Kubernetes management by providing a more standardized way for users to verify and validate software and support federal security compliance requirements.”

Rancher Government Carbide also includes airgap documentation and edge capabilities. Carbide is an add-on support service to the existing Rancher products suite, designed to assist supported customers with overcoming the security challenges associated with application modernization, containers, and Kubernetes.

Carbide is included at no extra cost and can be easily accessed by all current RGS support customers. Rancher users interested in optimizing their experience using Rancher software and ensuring security can reach out to the RGS team at https://ranchergovernment.com/carbide(link is external). In addition, U.S. government and DoD IT teams seeking to address the operational and security challenges of managing multiple Kubernetes clusters at scale can visit www.ranchergovernment.com(link is external) for more information.