Red Hat is expanding its Red Hat Trusted Software Supply Chain solution with new offerings that will enable customers to ensure software components are verified and secured.
The first new addition is Red Hat Trusted Artifact Signer, now generally available, which allows developers to cryptographically sign and verify application artifacts with a keyless certificate authority.
According to Red Hat, the benefit of this new offering is that it enables organizations to be more confident about the integrity of software without having to manage a centralized key management system.
Next, the company announced Red Hat Trusted Profile Analyzer, also now generally available, which provides a single source of truth for documentation like Software Bill of Materials (SBOMs) and Vulnerability Exploitability Exchange (VEX).
And finally, Red Hat Trusted Application Pipeline, now in beta, incorporates supply chain security capabilities into software templates that developers use. The company explained that this new offering will provide more traceability and auditability throughout the CI/CD pipeline.
“Organizations are seeking to mitigate the risks of constantly evolving security threats in their software development – to keep and grow trust with users, customers and partners,” said Sarwar Raza, vice president and general manager of the Application Developer Business Unit at Red Hat. “Red Hat Trusted Software Supply Chain is designed to seamlessly bring security capabilities into every phase of the software development life cycle. From code time to runtime, these tools help increase transparency and trust and give DevSecOps teams the ability to lay the groundwork for a more secure enterprise without impacting developer velocity or cognitive load.”