Red Hat Trusted Application Pipeline
What is Red Hat Trusted Application Pipeline?
Red Hat® Trusted Application Pipeline helps software development teams enhance security with automatic, integrated checks that catch vulnerabilities early in the software supply chain. Organizations can then curate their own trusted, repeatable pipelines that stay compliant with industry requirements.
Built on proven, trusted open source technologies, Red Hat Trusted Application Pipeline is part of Red Hat Trusted Software Supply Chain, a set of solutions to protect users, customers, and partners from risks and vulnerabilities in their software factory.
Features and benefits
Security-first development workspaces
Boost developer productivity with internal development platforms. Provide self-serve, validated software templates for building and deploying applications that follow defined security practices.
Integrated security checks
Scan and isolate security issues from existing integrated development environments (IDEs). Help development teams understand the impact of security threats with actionable insights and recommendations.
SBOM management at scale
Support a chain of trust across the software life cycle. Provide signed attestation and detailed provenance of software components with an auto-generated Software Bill of Materials (SBOM) for each run of the CI/CD pipeline.
Tamper-proof cryptographic signing
Ensure integrity of software artifacts at every step of the CI/CD workflow. Digitally sign and account for every code submission through a transparent, immutable open source log of all activities.
Security-focused automated workflows
Verify compliance with standards, including Supply chain Levels for Software Artifacts (SLSA) Level 3. Implement user-configurable approval gates with vulnerability scanning and policy checking for traceability and visibility.
Red Hat Trusted Application Pipeline includes:
Red Hat Developer Hub is an open framework for building internal developer platforms.
Red Hat Trusted Profile Analyzer provides visibility into the risk profile of an application’s codebase.
Red Hat Trusted Artifact Signer protects the authenticity and integrity of software artifacts.
Continuous, trusted software releases
Competitive organizations face the challenge of balancing speed and security as they build and release software. Security checks are necessary to stop bad actors from inserting malicious code or exploiting known vulnerabilities. But in complex and fast-moving software development life cycles, development teams don’t always have the time and tools to manually review every component.
Red Hat Trusted Application Pipeline improves the trust and transparency of the CI/CD pipelines, with security-focused golden paths that ensure software adheres to corporate standards. With integrated security checks, software teams can catch vulnerabilities early in the life cycle, delivering valuable new software at scale while improving resiliency and safeguarding user trust.
Rely on Red Hat
Red Hat embraces an open ecosystem of security tools to mitigate various threats. Recognizing that businesses need the flexibility to use any footprint that works best for them, Red Hat provides a common set of standards and consistency across environments. For example, Red Hat offers managed advanced Kubernetes container security for all major public cloud providers, delivering consistent security coverage no matter where containerized applications are deployed.
Red Hat brings more than 30 years of industry experience and a dedicated global product security team that monitors, identifies, and addresses vulnerabilities quickly.