At its own conference this week, Red Hat unveiled Trusted Software Supply Chain, an offering comprised of two new cloud services.

Trusted Software Supply Chain was presented at Red Hat’s own conference this week. The service includes two new cloud services: Trusted Application Pipeline and Trusted Content.

The danger

The rapidly growing trend of using open source code in software packages has increased the risk of attacks. Research has shown that open source code can be found in more than nine out of ten codebases, and eighty percent of those have at least one vulnerability. Often due to missing updates.

According to Red Hat, the number of software supply chain attacks has increased by a whopping 740 percent over the past three years. Yearly.

Offer

That’s why Red Hat offers a catalog of tens of thousands of trusted packages running on Red Hat Enterprise Linux, as well as a catalog for Java, Node, and Python.

Trusted Application Pipeline is a continuous integration and delivery mechanism that simplifies the application of the processes, skills, and technologies Red Hat uses to develop its production software.

Trusted Content – available as a service preview in a few weeks – provides real-time information about vulnerabilities and security risks in the open-source components of software. The system also suggests risk mitigation steps and provides access to open source software that Red Hat creates and monitors itself.

According to CEO Sudhir Prasad, with Trusted Software Supply Chain developers can actually provide their customers with the necessary information about the origin of their software, just like Red Hat itself.

More security news

Red Hat is also introducing an Advanced Cluster Security Cloud Service, which as a cloud service includes the same security capabilities found in the Kubernetes container orchestrator. However, the system is completely independent and can be deployed in minutes, according to Red Hat.

The Advanced Cluster Security Cloud Service was developed by StackRox Inc., which has been owned by Red Hat for two years. The service supports Red Hat OpenShift in both private and public clouds, as well as Kubernetes services for various cloud providers.