Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.
Red Hat Expands Red Hat Trusted Software Supply Chain
April 18, 2024
Red Hat announced updates to Red Hat Trusted Software Supply Chain.
These solutions advance the ability for customers to embed security into the software development life cycle, increasing software integrity earlier in the supply chain while adhering to industry regulations and compliance standards.
Red Hat Trusted Software Supply Chain delivers software and services that enhance an organization's resilience to vulnerabilities, enabling them to identify and address potential issues early and mitigate them before they can be exploited. Organizations are now empowered to more efficiently code, build, deploy and monitor their software using proven platforms, trusted content and real-time security scanning and remediation.
Based on the open source Sigstore project founded at Red Hat and now part of the Open Source Security Foundation, Red Hat Trusted Artifact Signer increases the trustworthiness of software artifacts moving through the software supply chain by enabling developers and stakeholders to cryptographically sign and verify the artifacts using a keyless certificate authority. With its identity-based signing through an integration with OpenID Connect, organizations can have greater confidence in the authenticity and integrity of their software supply chain without the overhead and hassle of managing a centralized key management system.
Red Hat Trusted Profile Analyzer simplifies vulnerability management by providing a source of truth for security documentation, including Software Bill of Materials (SBOM) and Vulnerability Exploitability Exchange (VEX). Organizations can manage and analyze the composition of software assets and documentation of custom, third party and open source software without slowing down development or increasing operational complexity.
Red Hat Trusted Application Pipeline combines the capabilities of Red Hat Trusted Profile Analyzer and Red Hat Trusted Artifact Signer, along with Red Hat’s enterprise-grade internal developer platform, Red Hat Developer Hub, to provide security-focused software supply chain capabilities that are pre-integrated into developer self-service templates. Red Hat Trusted Application Pipeline consists of a central developer hub of validated software templates and integrated guardrails that standardize and expedite onboarding of security-focused golden paths to increase trust and transparency at code-time.
Organizations can use the offering to verify pipeline compliance and provide traceability and auditability in the CI/CD process with an automated chain of trust that validates artifact signatures, and offers provenance and attestations. Enterprise contracts, with vulnerability scanning and policy checking directly from the CI/CD pipeline, can stop suspicious build activity from being promoted into production.
These offerings are available as self managed, on-premise capabilities and can be layered onto application platforms, such as Red Hat OpenShift, or consumed separately, offering flexibility and choice to meet developers specific needs.
Red Hat Trusted Artifact Signer and Red Hat Trusted Application Pipeline are generally available. Red Hat Trusted Profile Analyzer is available in tech preview, with general availability expected this quarter.
Industry News
April 30, 2024
April 30, 2024
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.
April 30, 2024
F5 announced new security offerings: F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments.
April 29, 2024
Code Intelligence announced a new feature to CI Sense, a scalable fuzzing platform for continuous testing.
April 29, 2024
WSO2 is adding new capabilities for WSO2 API Manager, WSO2 API Platform for Kubernetes (WSO2 APK), and WSO2 Micro Integrator.
April 29, 2024
OpenText™ announced a solution to long-standing open source intake challenges, OpenText Debricked Open Source Select.
April 29, 2024
ThreatX has extended its Runtime API and Application Protection (RAAP) offering to provide always-active API security from development to runtime, spanning vulnerability detection at Dev phase to protection at SecOps phase of the software lifecycle.
April 29, 2024
Canonical announced the release of Ubuntu 24.04 LTS, codenamed “Noble Numbat.”
April 25, 2024
JFrog announced a new machine learning (ML) lifecycle integration between JFrog Artifactory and MLflow, an open source software platform originally developed by Databricks.
April 25, 2024
Copado announced the general availability of Test Copilot, the AI-powered test creation assistant.
April 25, 2024
SmartBear has added no-code test automation powered by GenAI to its Zephyr Scale, the solution that delivers scalable, performant test management inside Jira.
April 24, 2024
Opsera announced that two new patents have been issued for its Unified DevOps Platform, now totaling nine patents issued for the cloud-native DevOps Platform.
April 23, 2024
mabl announced the addition of mobile application testing to its platform.
April 23, 2024
Spectro Cloud announced the achievement of a new Amazon Web Services (AWS) Competency designation.
April 22, 2024
GitLab announced the general availability of GitLab Duo Chat.
