A practical guide to software supply chain security
Download this e-book to learn key concepts for building security into your software supply chain, along with best practices for implementation.
Download this e-book to learn key concepts for building security into your software supply chain, along with best practices for implementation.
Red Hat Trusted Software Supply Chain is a family of products aiming at exactly that:providing security for the software supply chain from coding to execution monitoring.
Learn why crucial software supply chain security maturity is crucial for modern developers to ensure they are building and deploying secure software.
Catch vulnerabilities early with a self-serve developer experience imbued with the organization’s security practices, for distributed teams to comply with security and compliance requirements. Development teams leverage solution templates with integrated security checks to standardize and expedite security-focused golden paths with Red Hat Trusted Application Pipeline. Remove toil in finding and fixing vulnerabilities early. Increase security posture in the CI/CD pipeline with an automated chain of trust that verifies compliance are met.
Use your software assets with confidence. Curate your trusted content by eliminating vulnerabilities early during development, that reduces security risks and costly rework in production.
Discover how Red Hat Trusted Software Supply Chain makes it easier to create, deploy, and host security-focused applications in the container era.
Explore a highly available (or fault tolerant) Keycloak solution that you can manage through multiple single instances of Keycloak, all using the same user directory source.
Learn how to secure a simple JBoss EAP 8.0 web application with Microsoft Azure authentication via OpenID Connect in this tutorial.
Red Hat Trusted Profile Analyzer lets you track software components across the build and deployment of your applications.
Learn best practices for adding or improving the support of your component for Red Hat Enterprise Linux in FIPS mode.
Get an overview of key security best practices for Red Hat OpenShift Dev Spaces that can help foster a more resilient development environment.
Learn how to getting started with Red Hat build of Keycloak in this short demo.
Get an introduction to SCAPinoculars, a tool that helps you to visualize OpenSCAP reports, and the advantages it brings when used with the OpenShift Compliance Operator.
Explore the motivation behind the GNU toolchain project's new security policies and why more open source communities should adopt policies for their projects.
Learn how to use the Prometheus monitoring tool to scrape metrics from Red Hat build of Keycloak deployed on OpenShift.
Learn how workstation users authenticating to Active Directory using the Kerberos protocol can use SPNEGO tokens with Red Hat's single sign-on tool.
Learn how to integrate Keycloak Authorization Services with 3scale API Management to externalize your API protection for authentication and authorization.
In this lab, you will work with SELinux on RHEL, focusing on understanding its core concepts and how it enhances the security of applications running on the system.
Learn about the ComplianceAsCode project for Red Hat OpenShift, which aims to provide security and compliance content for various distributions and products.
Learn to identify vulnerabilities that affect systems registered to Red Hat Insights using the Red Hat Insights Vulnerability tool and remediate those vulnerabilities.
Learn to run tools based on the Security Content Automation Protocol (SCAP) standard for compliance and vulnerability scanning.
Learn how to install, verify and update File Access Policy Package and configure fapolicyd integrity controls.
Learn how to install system roles and how system roles can be used to configure firewall for httpd service using port forwarding.
JDK Flight Recorder (JFR) is a profiling and troubleshooting framework dat comes with teh Java virtual machine (JVM). JFR’s programming API allows you to create application-specific events to power dashboards and triggers. Cryostat brings JFR to Kubernetes.
Explore how Fedora contributors can use Packit to improve Go FIPS test coverage by building packages using GitHub pull requests on COPR repositories.