When DevOps sped up deployment and update rates to unheard-of speeds, we loved it. When our security blunders accelerated at the same pace, we weren’t so happy. So, DevSecOps was created to bring security into the production cycle’s beginning. Now, at Red Hat Summit in Boston, Linux and cloud power Red Hat is embracing DevSecOps security throughout its product and service lineup.
Now, if you’re a Linux admin, you already know Red Hat is the leading Linux security company. The first place you look when you hear about a new security bug is the Red Hat Security Center, even if you’re running Debian or Ubuntu. Moving forward, Red Hat is bringing its attention to security and is introducing a software supply chain security pattern across hybrid cloud environments. This means from on-premises to multicloud to the edge and the entire software stack.
How? By delivering, via Red Hat OpenShift, complete pattern stacks as code that define, build, and test the necessary software configurations. While only a preview today, this software supply chain security pattern brings together the components you need to build your cloud native applications from trusted components.
It does this by using a Kubernetes-native, continuously-integrated pipeline through Red Hat OpenShift Pipelines and Red Hat OpenShift GitOps. This will let you make software safer while managing version control, helping to reduce complexity and save time.
“IT security isn’t tied to a software edition or an add-on module; it needs to be baked into whatever technology an organization chooses, starting from the operating system foundation to the application level,” said Vincent Danen, vice president, Product Security, Red Hat. “This is Red Hat’s commitment to DevSecOps — making security not something bolted on, but a seamless integral part of moving applications from development to production to assist IT teams, both technically and organically.”
Additionally, through Tekton Chains, the pattern will incorporate Sigstore. This open source project makes cryptographic code-signing easier. Already adopted in Kubernetes 1.24, Sigstore makes it easier for artifacts to be signed in the pipeline itself rather than after application creation. By moving security left, it improves software supply chain security by making it easy to cryptographically sign release files, container images, and binaries. Once signed, the signing record is kept in a tamper-proof public log. Sigstore will be free to use for all developers and software providers. This gives software artifacts a safer chain of custody that can be secured and traced back to their source.
In a related development, with Red Hat Ansible Automation Platform 2.2, Red Hat is introducing a technical preview of Ansible content signing technology. This enables you to validate that the automation content being executed is verified and trusted.
In production, this will be rolled out in Red Hat Advanced Cluster Security for Kubernetes. This will include:
If you’re using Red Hat Enterprise Linux (RHEL), and let’s face it, if you’ve read this far, chances are you’re running RHEL, or one of its close cousins, the new RHEL 9 comes with bigtime security improvements. These include:
Additional key security features in Red Hat Enterprise Linux 9 include:
Put it all together and, while most of Red Hat’s DevSecOps efforts are still works in progress, the future is looking secure for the Red Hat-based cloud.