Red Hat Trusted Application Pipeline

Shift security left in the software supply chain

Catch vulnerabilities early with a self-serve developer experience built on the organization's security practices, so distributed teams can meet security and compliance requirements. With Red Hat Trusted Application Pipeline, development teams use solution templates with integrated security checks to standardize and speed up security-focused golden paths. Remove the toil of finding and fixing vulnerabilities early. Strengthen the security posture of the CI/CD pipeline with an automated chain of trust that verifies that compliance requirements are met.

Red Hat Trusted Application Pipeline validates artifact signatures, provenance, and attestations to stop suspicious build activity from being promoted.

Red Hat Trusted Application Pipeline is generally available now

Start curating your own trusted content and increase the security posture of your pipelines. With Red Hat Trusted Application Pipeline, increase transparency and trust early, at code time, while safeguarding the build systems from a self-serve developer hub:

See what’s new in Red Hat Trusted Application Pipeline 

Red Hat Trusted Application Pipeline documentation 

Standardized, security-focused golden paths that remove cognitive load and increase developer confidence against ever-evolving security threats.

Simplify vulnerability management so teams find and fix issues early, without rework in production, and increase service reliability.

Increase the trustworthiness of artifacts by tamper-proofing code throughout software delivery, establishing a chain of custody that ensures software supply chain integrity.

Verify pipeline compliance with automated provenance and attestation that prevent suspicious activity from being promoted, improving resiliency.

Automatically index and analyze newly pushed images against vulnerability databases to report on the latest CVEs in real time and minimize operational risk.

Employ Kubernetes-native security controls to enforce security policies, providing declarative and continuous security for more predictable delivery.

Red Hat Trusted Application Pipeline performs numerous checks on your software artifacts and predefined dependencies for CVEs as code is written. It also prevents source code injection and image poisoning in your build system each time a pull request is opened to merge code for a new build. This means you can:


Save developer time and reduce cognitive load using customizable, validated templates with integrated safeguards to stay compliant with security requirements. Expedite onboarding of security workflows from a centralized, self-managed software catalog backed by an extensive ecosystem of plugins and modular extensions, so teams stay focused on building and shipping code faster.

Prevent and identify malicious code early with dependency analytics that scan software components for vulnerabilities directly from the IDE, mapping and evaluating the impact radius of security threats. Generate and manage SBOMs and VEX documents stored in a system of record, so you can index and query security documentation for actionable insights and recommendations.

Safeguard build systems from poisoned pipelines with an automated chain of trust for each pull request that validates artifact signatures and attestations and confirms that the expected build process was followed. Enterprise contracts, integrated with cryptographic verification tools, enforce security policies based on SLSA requirements so that deployments reach an auditable, immutable state.
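As an added illustration (not Enterprise Contract's or Red Hat's own code), the Python sketch below shows the kind of "expected build process" rule such a policy enforces against a SLSA provenance attestation: the artifact digest, trusted builder identity and source repository are checked against a hypothetical policy. The builder identifier, repository and digests are constructed placeholders, and signature verification of the attestation envelope is assumed to have already happened upstream.

```python
import json

SLSA_PROVENANCE_V1 = "https://slsa.dev/provenance/v1"

# Constructed sample in-toto Statement carrying a SLSA v1 provenance predicate;
# builder id, repository and digests are placeholders, not a real build.
SAMPLE_ATTESTATION = json.dumps({
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "registry.example/app", "digest": {"sha256": "a" * 64}}],
    "predicateType": SLSA_PROVENANCE_V1,
    "predicate": {
        "buildDefinition": {"resolvedDependencies": [
            {"uri": "git+https://git.example/org/app", "digest": {"gitCommit": "b" * 40}}]},
        "runDetails": {"builder": {"id": "https://builder.example/trusted-pipeline"}},
    },
})

# Hypothetical policy: what the organisation accepts as a trusted build.
POLICY = {
    "trusted_builders": {"https://builder.example/trusted-pipeline"},
    "allowed_source_prefixes": ("git+https://git.example/org/",),
}


def check_provenance(attestation_json, expected_digest, policy=POLICY):
    """Return the list of policy violations; an empty list admits the artifact."""
    stmt = json.loads(attestation_json)
    if stmt.get("predicateType") != SLSA_PROVENANCE_V1:
        return ["not a SLSA v1 provenance predicate"]
    violations = []
    # 1. The attestation must describe the exact artifact being promoted.
    digests = {s.get("digest", {}).get("sha256") for s in stmt.get("subject", [])}
    if expected_digest not in digests:
        violations.append("subject digest does not match the artifact")
    pred = stmt.get("predicate", {})
    # 2. Only a builder the organisation trusts may have produced it.
    builder = pred.get("runDetails", {}).get("builder", {}).get("id")
    if builder not in policy["trusted_builders"]:
        violations.append(f"untrusted builder: {builder!r}")
    # 3. Source must come from an allowed repository and be pinned to a commit.
    deps = pred.get("buildDefinition", {}).get("resolvedDependencies", [])
    sources = [d for d in deps if str(d.get("uri", "")).startswith("git+")]
    if not sources:
        violations.append("no git source recorded in resolvedDependencies")
    for src in sources:
        if not src["uri"].startswith(policy["allowed_source_prefixes"]):
            violations.append(f"source outside allowed repositories: {src['uri']}")
        if not src.get("digest", {}).get("gitCommit"):
            violations.append(f"source not pinned to a commit: {src['uri']}")
    return violations
```

A real policy engine would evaluate many more rules and read the attestation from the signed envelope stored alongside the image, but the admit-or-reject shape is the same.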

Tamper-proof software artifacts with digital signatures at every step of the CI/CD workflow through a keyless signing system. Enhance transparency and accountability with OpenID Connect integrations for identity-based signing, backed by auditable transparency logs in a shared, immutable ledger, for stronger software supply chain integrity and authenticity.

Constantly analyze stored images for the latest vulnerabilities to mitigate security risks before releasing images into production. Securely store and share containerized software for development and production from a container registry platform that is seamlessly integrated into the build system. Distribute Open Container Initiative content, including application signatures, SLSA attestations and software bills of materials (i.e., .sig, .att, .sbom), all from a trusted image registry.

Continuously monitor the build environment with vulnerability scanning and policy checking directly from the CI/CD pipeline, with no package managers and no wget required. Deliver robust supply chain security with comprehensive monitoring and threat detection capabilities that proactively identify and mitigate vulnerabilities, ensuring the integrity and security of containerized application workloads and their Kubernetes environments.

Integrations

Red Hat Trusted Application Pipeline offers customers flexibility and choice: these self-managed, on-premise capabilities can be layered onto application platforms like Red Hat OpenShift, or consumed in parts to meet developers where they are. These parts, Red Hat Developer Hub, Red Hat Trusted Profile Analyzer and Red Hat Trusted Artifact Signer, can also be sold separately.

Red Hat Developer Hub enhances developer onboarding speed, productivity, and collaboration through an open platform, while reducing cognitive load and frustration for engineering organizations.

Red Hat Trusted Profile Analyzer offers actionable insights from software assets’ security documentation, helping development teams build security into their applications without increasing operational complexity.

Red Hat Trusted Artifact Signer provides tools for digital signature creation and validation to protect the authenticity and integrity of software artifacts across the software supply chain.

Red Hat OpenShift is an enterprise-ready application platform with deployment and infrastructure options that support every application and environment, for development teams to build new applications and modernize existing ones.
