New Red Hat offerings aim to secure software supply chain

SecurityWeek reports that Red Hat has rolled out new tools and services intended to help application companies reduce vulnerabilities in their software supply chain. The new tools, Red Hat Trusted Application Pipeline and Red Hat Trusted Content, join the Red Hat Trusted Software Supply Chain offering, whose goal is global adoption of DevSecOps practices and integration of security into each stage of the software development life cycle. The Red Hat Trusted Application Pipeline is a cloud service that provides an integrated CI/CD pipeline, allowing applications to be easily deployed onto Kubernetes platforms like Red Hat Open Shift with a few clicks. It also enables auto-generation of Software Bill of Materials within builds, source code inspection, and importation of git repositories, among other functions. Meanwhile, Red Hat Trusted Content comprises more than 10,000 trusted packages in Red Hat Enterprise Linux and various essential application runtimes on Java, Python, and Node ecosystems. Developers can peruse the tool to match their own open-source software dependencies against known vulnerabilities and security risks in real-time.