Red Hat has introduced three new developer tools to its Red Hat Trusted Software Supply Chain solution in a move designed to help organizations ramp up security earlier in the supply chain.
The Red Hat Trusted Software Supply Chain platform provides software and services to help organizations tackle software supply chain threats early and strengthen their overall resilience to vulnerabilities.
The first of its three new additions – dubbed Red Hat Trusted Artifact Signer – is based on the open-source Sigstore project and aims to increase trust in software artifacts progressing through the supply chain. Available now, the tool enables developers to cryptographically sign and verify artifacts using a keyless certificate authority - without the need to manage a centralized key management system, Red Hat said.
The second, Red Hat Trusted Profile Analyzer, has been designed to simplify vulnerability management. The offering operates as a hub for security documentation such as Software Bill of Materials (SBOM) and Vulnerability Exploitability Exchange (VEX), enabling organizations to efficiently manage and analyze the composition of software assets and documentation of custom, third party, and open-source software. Trusted Profile Analyzer is also available now.
The third new offering, Red Hat Trusted Application Pipeline, bundles together the Trusted Artifact Signer and Trusted Profile Analyzer with Red Hat’s internal developer platform, Red Hat Developer Hub, to provide developer self-service templates loaded with security-focused software supply chain capabilities.
RELATED WHITEPAPER
Acting as a hub for validated software templates, Red Hat said organizations can leverage the tool to verify pipeline compliance and ramp up traceability and auditability in the CI/CD process through an automated chain of trust that validates artifact signatures, as well as provides provenance and attestations. Trusted Application Pipeline is currently in tech preview, with general availability expected later this quarter.
In an announcement, Red Hat said it is releasing its new offerings as organizations are increasingly looking to proactively integrate security protocols directly into their software processes.
“Organizations are seeking to mitigate the risks of constantly evolving security threats in their software development - to keep and grow trust with users, customers and partners,” explained Sarwar Raza, vice president and general manager of Red Hat’s Application Developer Business Unit.
“Red Hat Trusted Software Supply Chain is designed to seamlessly bring security capabilities into every phase of the software development life cycle. From code time to runtime, these tools help increase transparency and trust and give DevSecOps teams the ability to lay the groundwork for a more secure enterprise without impacting developer velocity or cognitive load.”
-
Security experts issue warning over the rise of 'gray bot' AI web scrapersNews While not malicious, the bots can overwhelm web applications in a way similar to bad actors
-
Does speech recognition have a future in business tech?Once a simple tool for dictation, speech recognition is being revolutionized by AI to improve customer experiences and drive inclusivity in the workforce
-
Red Hat launches Build module as part of partner program refreshNews Red Hat has announced new changes to its partner program, including the launch of a new 'Build' module and go-to-market support capabilities.
-
Red Hat eyes “clear pathways for collaboration” with new partner program updatesNews The enhanced framework for Red Hat partners features a new modular design and fresh incentives
-
Linux Blue Screen of Death gives users a taste of the dreaded Windows featureNews The Linux Blue Screen of Death has been added in a recent update
-
Red Hat Enterprise Linux becomes foundational operating system for Cohesity Data CloudNews New strategic partnership between Red Hat and Cohesity aims to drive innovation in the data security and management space
-
Can the Open Enterprise Linux Association overcome Red Hat’s restrictions?Analysis Defining how compatibility will be achieved is the crucial question in the Red Hat Enterprise Linux saga
-
AlmaLinux follows Oracle in ditching RHEL compatibilityNews Application binary compatibility is now the aim with 1:1 now dropped
-
Can Oracle really be Linux's knight in shining armor?Opinion The self-proclaimed champion of open source freedom would like you to forget about its history
-
Red Hat: Distro vendors must abide by enterprise agreements amid source code ‘furor’News Ongoing confusion around how distro development teams can work around Red Hat’s latest restrictions has prompted a response
