Red Hat Expands Red Hat Trusted Software Supply Chain
April 18, 2024

Red Hat announced updates to Red Hat Trusted Software Supply Chain.

These solutions advance the ability for customers to embed security into the software development life cycle, increasing software integrity earlier in the supply chain while adhering to industry regulations and compliance standards.

Red Hat Trusted Software Supply Chain delivers software and services that enhance an organization's resilience to vulnerabilities, enabling them to identify and address potential issues early and mitigate them before they can be exploited. Organizations are now empowered to more efficiently code, build, deploy and monitor their software using proven platforms, trusted content and real-time security scanning and remediation.

Based on the open source Sigstore project founded at Red Hat and now part of the Open Source Security Foundation, Red Hat Trusted Artifact Signer increases the trustworthiness of software artifacts moving through the software supply chain by enabling developers and stakeholders to cryptographically sign and verify the artifacts using a keyless certificate authority. With its identity-based signing through an integration with OpenID Connect, organizations can have greater confidence in the authenticity and integrity of their software supply chain without the overhead and hassle of managing a centralized key management system.

Red Hat Trusted Profile Analyzer simplifies vulnerability management by providing a source of truth for security documentation, including Software Bill of Materials (SBOM) and Vulnerability Exploitability Exchange (VEX). Organizations can manage and analyze the composition of software assets and documentation of custom, third party and open source software without slowing down development or increasing operational complexity.

Red Hat Trusted Application Pipeline combines the capabilities of Red Hat Trusted Profile Analyzer and Red Hat Trusted Artifact Signer, along with Red Hat’s enterprise-grade internal developer platform, Red Hat Developer Hub, to provide security-focused software supply chain capabilities that are pre-integrated into developer self-service templates. Red Hat Trusted Application Pipeline consists of a central developer hub of validated software templates and integrated guardrails that standardize and expedite onboarding of security-focused golden paths to increase trust and transparency at code-time.

Organizations can use the offering to verify pipeline compliance and provide traceability and auditability in the CI/CD process with an automated chain of trust that validates artifact signatures, and offers provenance and attestations. Enterprise contracts, with vulnerability scanning and policy checking directly from the CI/CD pipeline, can stop suspicious build activity from being promoted into production.

These offerings are available as self managed, on-premise capabilities and can be layered onto application platforms, such as Red Hat OpenShift, or consumed separately, offering flexibility and choice to meet developers specific needs.

Red Hat Trusted Artifact Signer and Red Hat Trusted Application Pipeline are generally available. Red Hat Trusted Profile Analyzer is available in tech preview, with general availability expected this quarter.

Share this

Industry News

May 16, 2024

Pegasystems announced the general availability of Pega Infinity ’24.1™.

May 16, 2024

Mend.io and Sysdig unveiled a joint solution to help developers, DevOps, and security teams accelerate secure software delivery from development to deployment.

May 16, 2024

GitLab announced new innovations in GitLab 17 to streamline how organizations build, test, secure, and deploy software.

May 16, 2024

Kobiton announced the beta release of mobile test management, a new feature within its test automation platform.

May 15, 2024

Gearset announced its new CI/CD solution, Long Term Projects in Pipelines.

May 15, 2024

Rafay Systems has extended the capabilities of its enterprise PaaS for modern infrastructure to support graphics processing unit- (GPU-) based workloads.

May 15, 2024

NodeScript, a free, low-code developer environment for workflow automation and API integration, is released by UBIO.

May 14, 2024

IBM announced IBM Test Accelerator for Z, a solution designed to revolutionize testing on IBM Z, a tool that expedites the shift-left approach, fostering smooth collaboration between z/OS developers and testers.

May 14, 2024

StreamNative launched Ursa, a Kafka-compatible data streaming engine built on top of lakehouse storage.

May 14, 2024

GitKraken acquired code health innovator, CodeSee.

May 13, 2024

ServiceNow introduced a new no‑code development studio and new automation capabilities to accelerate and scale digital transformation across the enterprise.

May 13, 2024

Security Innovation has added new skills assessments to its Base Camp training platform for software security training.

May 13, 2024

CAST introduced CAST Highlight Extensions Marketplace — an integrated marketplace for the software intelligence product where users can effortlessly browse and download a diverse range of extensions and plugins.

May 09, 2024

Red Hat and Elastic announced an expanded collaboration to deliver next-generation search experiences supporting retrieval augmented generation (RAG) patterns using Elasticsearch as a preferred vector database solution integrated on Red Hat OpenShift AI.

May 09, 2024

Traceable AI announced an Early Access Program for its new Generative AI API Security capabilities.