Red Hat adds trio of new tools to its Trusted Software Supply Chain
The open-source giant said the additions will help organizations tackle vulnerabilities in their supply chains earlier and improve overall resiliency


Red Hat has introduced three new developer tools to its Red Hat Trusted Software Supply Chain solution in a move designed to help organizations ramp up security earlier in the supply chain.
The Red Hat Trusted Software Supply Chain platform provides software and services to help organizations tackle software supply chain threats early and strengthen their overall resilience to vulnerabilities.
The first of its three new additions – dubbed Red Hat Trusted Artifact Signer – is based on the open-source Sigstore project and aims to increase trust in software artifacts progressing through the supply chain. Available now, the tool enables developers to cryptographically sign and verify artifacts using a keyless certificate authority, without the need to manage a centralized key management system, Red Hat said.
The second, Red Hat Trusted Profile Analyzer, has been designed to simplify vulnerability management. The offering operates as a hub for security documentation such as Software Bill of Materials (SBOM) and Vulnerability Exploitability Exchange (VEX), enabling organizations to efficiently manage and analyze the composition of software assets and the documentation of custom, third-party, and open-source software. Trusted Profile Analyzer is also available now.
The third new offering, Red Hat Trusted Application Pipeline, bundles together the Trusted Artifact Signer and Trusted Profile Analyzer with Red Hat’s internal developer platform, Red Hat Developer Hub, to provide developer self-service templates loaded with security-focused software supply chain capabilities.
Red Hat said the tool acts as a hub for validated software templates, and that organizations can use it to verify pipeline compliance and ramp up traceability and auditability in the CI/CD process through an automated chain of trust that validates artifact signatures and provides provenance and attestations. Trusted Application Pipeline is currently in tech preview, with general availability expected later this quarter.
In an announcement, Red Hat said it is releasing its new offerings as organizations are increasingly looking to proactively integrate security protocols directly into their software processes.
“Organizations are seeking to mitigate the risks of constantly evolving security threats in their software development - to keep and grow trust with users, customers and partners,” explained Sarwar Raza, vice president and general manager of Red Hat’s Application Developer Business Unit.
“Red Hat Trusted Software Supply Chain is designed to seamlessly bring security capabilities into every phase of the software development life cycle. From code time to runtime, these tools help increase transparency and trust and give DevSecOps teams the ability to lay the groundwork for a more secure enterprise without impacting developer velocity or cognitive load.”
Dan is a freelance writer and regular contributor to ChannelPro, covering the latest news stories across the IT, technology, and channel landscapes. Topics regularly cover cloud technologies, cyber security, software and operating system guides, and the latest mergers and acquisitions.
A journalism graduate from Leeds Beckett University, he combines a passion for the written word with a keen interest in the latest technology and its influence in an increasingly connected world.
He started writing for ChannelPro back in 2016, focusing on a mixture of news and technology guides, before becoming a regular contributor to ITPro. Elsewhere, he has previously written news and features across a range of other topics, including sport, music, and general news.