Red Hat, Inc., the world’s leading provider of open source solutions, announced updates to Red Hat Trusted Software Supply Chain. These solutions advance the ability for customers to embed security into the software development life cycle, increasing software integrity earlier in the supply chain while adhering to industry regulations and compliance standards.
According to industry analyst firm IDC, “By 2027, 75% of CIOs will integrate cybersecurity measures directly into systems and processes to proactively detect and neutralize vulnerabilities, fortifying against cyberthreats and breaches.”1 Organizations are beginning to integrate security protocols directly into their software processes, shifting their reactive security measures to proactive ones in order to stop security breaches before they happen.
Red Hat Trusted Software Supply Chain delivers software and services that enhance an organization’s resilience to vulnerabilities, enabling them to identify and address potential issues early and mitigate them before they can be exploited. Organizations are now empowered to more efficiently code, build, deploy and monitor their software using proven platforms, trusted content and real-time security scanning and remediation.
Also Read: DYOPATH Introduces DYOGUARD: Redefining Cybersecurity Services
Based on the open source Sigstore project founded at Red Hat and now part of the Open Source Security Foundation, Red Hat Trusted Artifact Signer increases the trustworthiness of software artifacts moving through the software supply chain by enabling developers and stakeholders to cryptographically sign and verify the artifacts using a keyless certificate authority. With its identity-based signing through an integration with OpenID Connect, organizations can have greater confidence in the authenticity and integrity of their software supply chain without the overhead and hassle of managing a centralized key management system.
Development and security teams also need visibility and insight into the risk profile of an application’s codebase so that security threats and vulnerabilities can be identified proactively and minimized. Red Hat Trusted Profile Analyzer simplifies vulnerability management by providing a source of truth for security documentation, including Software Bill of Materials (SBOM) and Vulnerability Exploitability Exchange (VEX). Organizations can manage and analyze the composition of software assets and documentation of custom, third party and open source software without slowing down development or increasing operational complexity.
Organizations can use the offering to verify pipeline compliance and provide traceability and auditability in the CI/CD process with an automated chain of trust that validates artifact signatures, and offers provenance and attestations. Enterprise contracts, with vulnerability scanning and policy checking directly from the CI/CD pipeline, can stop suspicious build activity from being promoted into production.
These offerings are available as self managed, on-premise capabilities and can be layered onto application platforms, such as Red Hat OpenShift, or consumed separately, offering flexibility and choice to meet developers specific needs.
SOURCE: Businesswire