1.0.2 Maintenance Release Announcement
In case you were wondering why there hasn’t been an update to Red Hat Trusted Application Pipeline - oh, there have been two maintenance releases now.
As per Red Hat policy, we don't update the main documentation stream with every maintenance release published. This is why you may not have noticed any changes, as the documentation remains at version 1.0:
https://docs.redhat.com/en/documentation/red_hat_trusted_application_pipeline
Therefore, it’s always a good idea to check out the release notes - as these are updated with maintenance release changes.
However, we’d like to take the opportunity to thank all customers and users (in other words - YOU!) for providing feedback via contacting support for questions, issues or the need for clarification!
Note: If you’re hesitant to open a support case (you shouldn’t be, that’s one of the benefits of a Red Hat subscription) you can contact us at rhtap-support@redhat.com with any question or suggestion you might have.
As a result of your valuable feedback, here are some noteworthy fixes and changes (among others) with the current version (1.0.2):
Latest version of Red Hat Trusted Profile Analyzer
When Red Hat Trusted Application Pipeline was first released, Trusted Profile Analyzer was still in Tech Preview and as such, the latest version of the upstream project (Trustification) was utilized.
Now, with the General Availability (GA) of Red Hat Trusted Profile Analyzer, it incorporates the latest version of SBOM, Security Advisory (VEX), and vulnerability (CVE) management from Red Hat.
Smooth install with existing Operators
Some customers experienced problems during installation on an OpenShift cluster with pre-installed OpenShift GitOps and/or OpenShift Pipelines Operators.
During its installation, Red Hat Trusted Application Pipeline installs these Operators and in some cases conflicts arose, leading to a failed Red Hat Trusted Application Pipeline installation (leaving the existing Operators untouched by design).
Installing the latest version will acknowledge the existing Operators correctly.
What is Red Hat Trusted Application Pipeline anyway?
If we have lost you at this point, Red Hat Trusted Application Pipeline (RHTAP) empowers you to streamline and secure your entire DevSecOps CI/CD process by combining (and installing)
and wiring them together with OpenShift Pipelines, OpenShift GitOps, Red Hat Advanced Cluster Security for Kubernetes and Red Hat Quay.
While each of these products can be installed and configured independently, Red Hat Trusted Application Pipeline does that with one convenient installer, providing you with a Red Hat opinionated Trusted Software Supply Chain that you can then tailor to your needs (or use as installed).
