Red Hat Trusted Profile Analyzer

Use your software assets with confidence. Curate trusted content by eliminating vulnerabilities early in development, which reduces security risk and costly rework in production.



It is essential to stay informed about your open source codebase so that security flaws are not introduced into your software unnoticed. The need for transparency when securing applications has also driven the need to deliver and manage Software Bills of Materials (SBOMs) and vulnerability remediation information.

Red Hat Trusted Profile Analyzer, part of Red Hat Trusted Software Supply Chain, manages your organization’s SBOMs, vendor VEX documents, and CVE data, giving developers and DevSecOps teams an analysis of the organization’s risk profile. This analysis covers custom, third-party, and open source software and software components in a shared system of record, without slowing down development or increasing operational complexity.

Security and compliance

Find and fix vulnerabilities right from your IDE

Improve the quality and security of your code by using Red Hat dependency analytics. This component lets you run software composition analysis (SCA) locally in your chosen integrated development environment (IDE) or directly from our streamlined UI. SCA identifies known vulnerabilities in your dependencies and provides recommendations on how to fix them. You can connect the solution to the vulnerability database and SCA engine of your choice, or use our fully SaaS solution.

Get the plug-in for VS Code | Get the plug-in for JetBrains/IntelliJ

Get the plug-in for Tekton | Get the plug-in for Jenkins


Understand your application’s codebase dependencies to open source

Quickly learn about the relationships between an existing application and its open source dependencies, including SBOMs and exploitable vulnerabilities. Generate an automated chain of trust in Red Hat Trusted Application Pipeline that records provenance with signed attestations of build images, strengthening the security posture of your build systems. Analyze and estimate the blast radius of a given threat to help you decide how to fix it.




Securing data

Build trust in your application’s codebase

Quickly access vulnerability fixes and trusted, verified content without diverting your attention from building code. Choose the right dependencies for your source code and make sure possible threats are not left unchecked.



Get valuable insights and recommendations

Identify direct and transitive dependencies, monitor exploitable vulnerabilities, and create an incident response framework to keep security incidents out of your production workloads.



Save and retrieve your security documentation

Easily share security documentation (SBOM, VEX) for your source code, artifacts, and container images across the organization, so that the right, verified components are used in your application codebase.
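The two pieces of analysis described above, splitting direct from transitive dependencies and using VEX statements to suppress findings a vendor has declared not exploitable, can be shown in a few dozen lines. The following is an added example written for this page; it is not code from Trusted Profile Analyzer or any of its upstream projects. The SBOM is modeled on the CycloneDX JSON layout (metadata.component, components, dependencies) and the VEX document on the OpenVEX statement layout; both documents, the component names, the CVE identifiers and the advisory matches are constructed samples, not real data.

```python
"""Walk a CycloneDX-style SBOM dependency graph, split direct from transitive
dependencies, and apply OpenVEX-style statements to scanner findings so that
only still-exploitable vulnerabilities are reported.

Every document below is a constructed sample (added example, not product code).
"""
import json
from collections import deque

# Constructed CycloneDX-style SBOM, trimmed to the fields this example reads.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"bom-ref": "pkg:maven/com.example/shop@1.0.0",
                               "name": "shop", "version": "1.0.0"}},
    "components": [
        {"bom-ref": "pkg:maven/org.example/web@2.3.0", "name": "web", "version": "2.3.0"},
        {"bom-ref": "pkg:maven/org.example/json@1.9.0", "name": "json", "version": "1.9.0"},
        {"bom-ref": "pkg:maven/org.example/log@4.1.0", "name": "log", "version": "4.1.0"},
        {"bom-ref": "pkg:maven/org.example/codec@0.8.0", "name": "codec", "version": "0.8.0"},
    ],
    "dependencies": [
        {"ref": "pkg:maven/com.example/shop@1.0.0",
         "dependsOn": ["pkg:maven/org.example/web@2.3.0", "pkg:maven/org.example/log@4.1.0"]},
        {"ref": "pkg:maven/org.example/web@2.3.0", "dependsOn": ["pkg:maven/org.example/json@1.9.0"]},
        {"ref": "pkg:maven/org.example/json@1.9.0", "dependsOn": ["pkg:maven/org.example/codec@0.8.0"]},
        {"ref": "pkg:maven/org.example/log@4.1.0", "dependsOn": []},
        {"ref": "pkg:maven/org.example/codec@0.8.0", "dependsOn": []},
    ],
})

# Constructed OpenVEX-style document: the vendor states that the json CVE is
# not reachable in this product, while the codec CVE is confirmed affected.
VEX_JSON = json.dumps({
    "@context": "https://openvex.dev/ns/v0.2.0",
    "statements": [
        {"vulnerability": {"name": "CVE-2000-0001"},
         "products": [{"@id": "pkg:maven/org.example/json@1.9.0"}],
         "status": "not_affected",
         "justification": "vulnerable_code_not_in_execute_path"},
        {"vulnerability": {"name": "CVE-2000-0002"},
         "products": [{"@id": "pkg:maven/org.example/codec@0.8.0"}],
         "status": "affected"},
    ],
})

# Constructed SCA matches (component purl -> CVE ids), as a scanner might emit them.
ADVISORIES = {
    "pkg:maven/org.example/json@1.9.0": ["CVE-2000-0001"],
    "pkg:maven/org.example/codec@0.8.0": ["CVE-2000-0002"],
    "pkg:maven/org.example/log@4.1.0": ["CVE-2000-0003"],  # no VEX statement at all
}


def classify_dependencies(sbom_json):
    """Return (direct, transitive) sets of bom-refs reachable from the root component."""
    sbom = json.loads(sbom_json)
    root = sbom["metadata"]["component"]["bom-ref"]
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    direct = set(graph.get(root, []))
    seen, queue = set(), deque(direct)
    while queue:  # breadth-first walk; 'seen' guards against dependency cycles
        ref = queue.popleft()
        if ref in seen:
            continue
        seen.add(ref)
        queue.extend(graph.get(ref, []))
    return direct, seen - direct


def vex_status(vex_json):
    """Map (product id, CVE id) -> VEX status from an OpenVEX-style document."""
    statuses = {}
    for stmt in json.loads(vex_json)["statements"]:
        cve = stmt["vulnerability"]["name"]
        for product in stmt["products"]:
            statuses[(product["@id"], cve)] = stmt["status"]
    return statuses


def exploitable_findings(sbom_json, vex_json, advisories):
    """List (ref, CVE, 'direct'|'transitive') for findings no VEX statement rules out.

    A component with no statement is treated as 'under_investigation', i.e. still
    reported: silence from the vendor must not hide a finding.
    """
    direct, transitive = classify_dependencies(sbom_json)
    statuses = vex_status(vex_json)
    findings = []
    for ref in sorted(direct | transitive):
        for cve in advisories.get(ref, []):
            status = statuses.get((ref, cve), "under_investigation")
            if status in ("not_affected", "fixed"):
                continue
            findings.append((ref, cve, "direct" if ref in direct else "transitive"))
    return findings


if __name__ == "__main__":
    for ref, cve, depth in exploitable_findings(SBOM_JSON, VEX_JSON, ADVISORIES):
        print(f"{depth:10} {ref}  {cve}")
```

Run as a script it prints two findings: the transitive codec CVE, which the VEX document confirms as affected, and the direct log CVE, for which no statement exists. The json CVE is dropped because the vendor statement says the vulnerable code is not on the execution path; a real pipeline should verify the VEX document's signature before trusting a `not_affected` statement, since a forged one silently suppresses a finding.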

Community projects

Red Hat’s product development cycle has always been rooted in open source and the communities that help steer the direction of Red Hat’s products. The projects listed here are the upstream versions of the components that make up Red Hat Trusted Profile Analyzer.


Graph for Understanding Artifact Composition (GUAC) is a knowledge graph of software metadata that answers security and supply chain questions. It aggregates software security metadata into a high-fidelity graph database after normalizing entity identities and mapping the standard relationships between them. Querying this graph can drive higher-level organizational outcomes such as audit, policy, risk management, and even developer assistance.


Trustification is a community project focused on making software supply chains easier to create, manage, consume, and trust. It consists of a collection of services for storing security documentation and metadata that help you analyze and learn about the impact of vulnerability and dependency changes across your organization. The services support storage and archival of SBOM and VEX documents, management of product metadata and access control, and a single-pane-of-glass API and front end.


The Exhort project provides vulnerability and compliance analysis for your applications directly from your IDE. It automatically analyzes your software composition and provides recommendations to address security vulnerabilities and licensing issues. The initial release includes access to the Snyk Intel and Red Hat vulnerability databases, providing a centralized repository of both unique and known open source software security advisories.

Latest security articles

Supply Chain Security? Hey, I’m a developer—why should I care?

Red Hat Trusted Software Supply Chain is now available
Markus Nagel, Apr 18, 2024
Discover how Red Hat Trusted Software Supply Chain makes it easier to create,...

Red Hat build of Keycloak high availability: A simplified approach
Mohammad Ahmad, Apr 15, 2024
Explore a highly available (or fault tolerant) Keycloak solution that you can...

Secure JBoss EAP apps with Microsoft Entra ID & OpenID Connect
Philip Hayes, Apr 01, 2024
Learn how to secure a simple JBoss EAP 8.0 web application with Microsoft...