more governance and management regarding material cybersecurity risks, incidents.

Government Cybersecurity Regulations:
- White House Cyber Executive Order 14028
- European Union Cyber Resilience Act
- SEC Final Rule - Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure [1]

Cybersecurity Agency Frameworks and Directives:
- NSA Cybersecurity Collaboration Center (CCC)
- National Institute of Standards and Technology (NIST)
- Cybersecurity and Infrastructure Security Agency (CISA)
- European Union Agency for Cybersecurity (ENISA)
activities have highlighted its importance.

Initiatives to Drive Increased Security:
- DevSecOps Movement: evolution of the DevOps movement to include a security component, with increased involvement from security teams and their methodologies.
- Government Regulations: recent actions by governments across the world have begun to mandate certain steps be implemented in order to use software produced by or obtained from external sources.
- Organizations are looking for additional methods for securing the content they produce and use.
vulnerabilities.
- Signing: applying a cryptographic signature to software assets.
- Policy Management/Enforcement: defining and enforcing conditions that a software asset must comply with in order for it to be used.
- Software Composition Scanning: tools and processes to better understand the software being produced and its components and dependencies (SBOMs).
code and transitive dependencies.

Software supply chain security considerations for the software development lifecycle:
- Prevent and identify malicious code
- Continuously monitor security at runtime
components, processes and practices early in your software factory.
Trust and transparency in code management, with integrated templates and guardrails for security-focused pipelines.

*Note: Red Hat Trusted Application Pipeline is a single product SKU that includes RHDH, RHTAS, RHTPA. Roadmap items are subject to change without notice.
SLSA build levels (https://slsa.dev/spec/v1.0/levels):
- Preventing mistakes: automated build process; generated provenance about the source, build process, artifact and dependencies.
- Preventing tampering after the build: generated, signed and verifiable provenance.
- Preventing tampering during the build: prevent runs from influencing one another; prevent the secret material used to sign provenance from being accessible to the end-user's defined steps.
Pipeline flow (diagram):
- Dependencies (base images, pom.xml, requirements.txt, go.mod) are analyzed with Red Hat Dependency Analytics and Red Hat Trusted Content.
- Developer commits code to the code repo; commits are verified with gitsign.
- Pipeline: git pull, (maven) package, container build, push to registry. The image is signed with cosign and an SBOM is generated for Red Hat Trusted Profile Analyzer. The pipeline generates and signs build provenance and attestation, and SLSA compliance is verified.
- K8s deployment definition(s) are stored in a gitops repo (with gitsign) and deployed to Red Hat OpenShift by Red Hat OpenShift GitOps.
- Red Hat Advanced Cluster Security performs continuous security scans of stored images.
more than half of their legacy applications in the next 2 years.

Application Modernization: 80% (Source: The Newstack)
Rise of Generative AI: 80% of enterprises will have deployed Generative AI-enabled applications by 2026 (Source: Gartner)
Developer Productivity: 76% of organizations say the cognitive load is so high that it is a source of low productivity (Source: Salesforce); Gartner predicts 75% of companies will establish platform teams for application delivery (Source: Gartner)
Software Supply Chain Security: 742% average annual increase in software supply chain attacks over the past three years (Source: Sonatype); 45% of organizations will experience attacks. It is a matter of when, not if.
Topic; 2. Sends the interaction; 3. Updates the UI.
Dashboard: Green Energy. Nickname, Team, Push to generate energy, Cars that need energy, Two teams competing (top 5 players), First wins.
leading provider of enterprise open source software solutions. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. Thank you