Red Hat expands its DevSecOps capabilities

Red Hat added three new tools to its DevSecOps portfolio today to help developers create cloud-native applications that are more secure.

The Red Hat Trusted Artifact Signer, a tool built on the open source Sigstore project that cryptographically adds signatures to code presently being advanced under the Open Source Security Foundation's auspices, is the first of several contributions to the Red Hat Trusted Software Supply Chain. With Red Hat Trusted Profile Analyzer, you can manage and analyze the documentation of open source, third-party, and bespoke software. It may be used to create software bills of materials (SBOMs) automatically, for example.

Red Hat provides an application pipeline that includes Red Hat Trusted Profile Analyzer and Red Hat Trusted Artifact Signer with Red Hat Developer Hub, a development platform based on open source Backstage software originally created by Spotify. This pipeline gives developers a set of guidelines and templates for creating safe applications.

The Red Hat Trusted Application Pipeline and Red Hat Trusted Artifact Signer are both readily available. Red Hat Trusted Profile Analyzer is anticipated to be generally accessible this quarter and is currently available in tech preview. The Red Hat Trusted Software Supply Chain offering includes Red Hat Advanced Cluster Security, Red Hat Trusted Content, Red Hat Trusted Application Pipeline, and Quay, an open source registry.

Sudhir Prasad, Red Hat's director of product management for Trusted Software Supply Chain, aims to bring DevSecOps capabilities to developers earlier in the process, as they build cloud-native applications.

The challenge is to find ways to develop and implement modern cloud-native apps without slowing down the process, especially when software is crucial for businesses.