
Red Hat Upgrades Its Pipeline-Securing (and Verification-Automating) Tools


SiliconANGLE reports that to help organizations detect vulnerabilities earlier, Red Hat has "announced updates to its Trusted Software Supply Chain that enable organizations to shift security 'left' in the software supply chain." Red Hat announced Trusted Software Supply Chain in May 2023, pitchin...

Based on the open-source Sigstore project [founded at Red Hat and now part of the Open Source Security Foundation], Trusted Artifact Signer allows developers to sign and verify software artifacts cryptographically without managing centralized keys, to enhance trust in the software supply chain. The second new release, Red Hat Trusted Profile Analyzer, provides a central source for security documentation such as Software Bill of Materials and Vulnerability Exploitability Exchange. Specifically, Red Hat's announcement says organizations can use their new Trusted Application Pipeline feature "to verify pipeline compliance and provide traceability and auditability in the CI/CD process with an automated chain of trust that validates artifact signatures, and offers provenance and attestations."
