Red Hat adds trio of new tools to its Trusted Software Supply Chain
The open-source giant said the additions will help organizations tackle vulnerabilities in their supply chains earlier and improve overall resiliency


Red Hat has introduced three new developer tools to its Red Hat Trusted Software Supply Chain solution in a move designed to help organizations ramp up security earlier in the supply chain.
The Red Hat Trusted Software Supply Chain platform provides software and services to help organizations tackle software supply chain threats early and strengthen their overall resilience to vulnerabilities.
The first of the three additions, Red Hat Trusted Artifact Signer, is based on the open-source Sigstore project and aims to increase trust in software artifacts progressing through the supply chain. Available now, the tool enables developers to cryptographically sign and verify artifacts using a keyless certificate authority, without the need to manage a centralized key management system, Red Hat said.
The second, Red Hat Trusted Profile Analyzer, has been designed to simplify vulnerability management. The offering operates as a hub for security documentation such as Software Bill of Materials (SBOM) and Vulnerability Exploitability Exchange (VEX), enabling organizations to efficiently manage and analyze the composition of software assets and documentation of custom, third-party, and open-source software. Trusted Profile Analyzer is also available now.
The third new offering, Red Hat Trusted Application Pipeline, bundles together the Trusted Artifact Signer and Trusted Profile Analyzer with Red Hat’s internal developer platform, Red Hat Developer Hub, to provide developer self-service templates loaded with security-focused software supply chain capabilities.
Red Hat said the tool acts as a hub for validated software templates, and that organizations can use it to verify pipeline compliance and improve traceability and auditability in the CI/CD process through an automated chain of trust that validates artifact signatures and provides provenance and attestations. Trusted Application Pipeline is currently in tech preview, with general availability expected later this quarter.
In an announcement, Red Hat said it is releasing its new offerings as organizations are increasingly looking to proactively integrate security protocols directly into their software processes.
“Organizations are seeking to mitigate the risks of constantly evolving security threats in their software development - to keep and grow trust with users, customers and partners,” explained Sarwar Raza, vice president and general manager of Red Hat’s Application Developer Business Unit.
“Red Hat Trusted Software Supply Chain is designed to seamlessly bring security capabilities into every phase of the software development life cycle. From code time to runtime, these tools help increase transparency and trust and give DevSecOps teams the ability to lay the groundwork for a more secure enterprise without impacting developer velocity or cognitive load.”
Dan is a freelance writer and regular contributor to ChannelPro, covering the latest news stories across the IT, technology, and channel landscapes. Topics regularly cover cloud technologies, cyber security, software and operating system guides, and the latest mergers and acquisitions.
A journalism graduate from Leeds Beckett University, he combines a passion for the written word with a keen interest in the latest technology and its influence in an increasingly connected world.
He started writing for ChannelPro back in 2016, focusing on a mixture of news and technology guides, before becoming a regular contributor to ITPro. Elsewhere, he has previously written news and features across a range of other topics, including sport, music, and general news.