
Red Hat Trusted Application Pipeline enhances software development security with automatic, integrated checks to catch vulnerabilities early in the supply chain.
Vendor: Red Hat
Red Hat Trusted Application Pipeline is a comprehensive solution designed to help software development teams improve security throughout the software supply chain. It offers automatic, integrated checks to identify vulnerabilities early in the development process, allowing organizations to create trusted, repeatable pipelines that maintain compliance with industry requirements.
Key Features
Security-first development workspaces: Boost developer productivity with internal development platforms
- Self-serve, validated software templates
- Building and deploying applications following defined security practices
Integrated security checks: Scan and isolate security issues from existing IDEs
- Actionable insights and recommendations
- Help development teams understand security threat impacts
SBOM management at scale: Support a chain of trust across the software life cycle
- Auto-generated Software Bill of Materials (SBOM) for each CI/CD pipeline run
- Signed attestation and detailed provenance of software components
Tamper-proof cryptographic signing: Ensure integrity of software artifacts throughout the CI/CD workflow
- Digital signing for every code submission
- Transparent, immutable open source log of all activities
Security-focused automated workflows: Verify compliance standards, including SLSA Level 3
- User-configurable approval gates
- Vulnerability scanning and policy checking for traceability and visibility
Benefits
Enhanced security: Improve software supply chain security
- Early vulnerability detection
- Compliance with industry requirements
Increased productivity: Streamline development processes
- Self-serve development platforms
- Automated security checks integrated into existing workflows
Improved trust and transparency: Build confidence in software releases
- Detailed provenance and attestation
- Tamper-proof cryptographic signing