Red Hat has introduced three new developer tools to its Red Hat Trusted Software Supply Chain solution in a move designed to help organizations ramp up security earlier in the supply chain.
The Red Hat Trusted Software Supply Chain platform provides software and services to help organizations tackle software supply chain threats early and strengthen their overall resilience to vulnerabilities.
The first of its three new additions – dubbed Red Hat Trusted Artifact Signer – is based on the open-source Sigstore project and aims to increase trust in software artifacts progressing through the supply chain. Available now, the tool enables developers to cryptographically sign and verify artifacts using a keyless certificate authority - without the need to manage a centralized key management system, Red Hat said.
The second, Red Hat Trusted Profile Analyzer, has been designed to simplify vulnerability management. The offering operates as a hub for security documentation such as Software Bill of Materials (SBOM) and Vulnerability Exploitability Exchange (VEX), enabling organizations to efficiently manage and analyze the composition of software assets and documentation of custom, third party, and open-source software. Trusted Profile Analyzer is also available now.
The third new offering, Red Hat Trusted Application Pipeline, bundles together the Trusted Artifact Signer and Trusted Profile Analyzer with Red Hat’s internal developer platform, Red Hat Developer Hub, to provide developer self-service templates loaded with security-focused software supply chain capabilities.
RELATED WHITEPAPER
Acting as a hub for validated software templates, Red Hat said organizations can leverage the tool to verify pipeline compliance and ramp up traceability and auditability in the CI/CD process through an automated chain of trust that validates artifact signatures, as well as provides provenance and attestations. Trusted Application Pipeline is currently in tech preview, with general availability expected later this quarter.
In an announcement, Red Hat said it is releasing its new offerings as organizations are increasingly looking to proactively integrate security protocols directly into their software processes.
“Organizations are seeking to mitigate the risks of constantly evolving security threats in their software development - to keep and grow trust with users, customers and partners,” explained Sarwar Raza, vice president and general manager of Red Hat’s Application Developer Business Unit.
“Red Hat Trusted Software Supply Chain is designed to seamlessly bring security capabilities into every phase of the software development life cycle. From code time to runtime, these tools help increase transparency and trust and give DevSecOps teams the ability to lay the groundwork for a more secure enterprise without impacting developer velocity or cognitive load.”
-
Geekom Mini IT13 ReviewReviews It may only be a mild update for the Mini IT13, but a more potent CPU has made a good mini PC just that little bit better
-
Why AI researchers are turning to nature for inspirationIn-depth From ant colonies to neural networks, researchers are looking to nature to build more efficient, adaptable, and resilient systems
-
Red Hat just made three big changes to its developer hub – here’s what you need to knowNews Red Hat has unveiled a raft of upgrades for Red Hat Developer Hub (RDHD), including support for a local version as well as new analytics.
-
Red Hat launches Build module as part of partner program refresh
News Red Hat has announced new changes to its partner program, including the launch of a new 'Build' module and go-to-market support capabilities.
-
Red Hat eyes “clear pathways for collaboration” with new partner program updatesNews The enhanced framework for Red Hat partners features a new modular design and fresh incentives
-
Linux Blue Screen of Death gives users a taste of the dreaded Windows featureNews The Linux Blue Screen of Death has been added in a recent update
-
Red Hat Enterprise Linux becomes foundational operating system for Cohesity Data CloudNews New strategic partnership between Red Hat and Cohesity aims to drive innovation in the data security and management space
-
Can the Open Enterprise Linux Association overcome Red Hat’s restrictions?Analysis Defining how compatibility will be achieved is the crucial question in the Red Hat Enterprise Linux saga
-
AlmaLinux follows Oracle in ditching RHEL compatibilityNews Application binary compatibility is now the aim with 1:1 now dropped
-
Can Oracle really be Linux's knight in shining armor?Opinion The self-proclaimed champion of open source freedom would like you to forget about its history
