Red Hat Trusted Profile Analyzer

Use your software assets with confidence. Curate your trusted content by eliminating vulnerabilities early during development, that reduces security risks and costly rework in production.

Try Red Hat Trusted Profile Analyzer Contact Us

It is essential to stay informed about your open source codebase to mitigate security flaws that could be introduced into the software. The importance of being fully transparent when securing applications has also spurred the need for delivering and managing Software Bills of Materials (SBOMs) and vulnerability remediation information.

Red Hat Trusted Profile Analyzer, part of Red Hat Trusted Software Supply Chain, manages your organization’s SBOMs, vendor VEX and CVE providing developers and devsecops with analysis of the organization’s risk profile. This analysis includes custom, third party, and open source software, or software components—for a shared system of record without slowing down development or increasing operational complexity.

Red Hat Trusted Profile Analyzer provides the storage and management means for Software Bills of Materials (SBOMs), with cross-referencing capabilities between SBOMs and CVEs/Security Advisories that are continuously ingested from trusted sources (such as Red Hat).

Red Hat Trusted Profile Analyzer documentation

Find and fix vulnerabilities right from your IDE

Improve the quality and security of your code by using Red Hat dependency analytics. This component allows you to run software composition analysis (SCA) locally in your chosen integrated development environment (IDE) or directly from our streamline UI/UX. SCA helps identify existing vulnerabilities in the code and provide recommendations on how to fix them. The solution allows you to connect to the vulnerability database and SCA of choice or alternatively, you can use our fully SaaS solution.

Get the plug-in for VS Code Get the plug-in for JetBrians/IntelliJ

Get the plug-in for Tekton Get the plug-in for Jenkins

Understand your application’s codebase dependencies to open source

Quickly learn about the relationships between existing applications and and its open source dependencies (including SBOMs, and exploitable vulnerabilities). Generate an automated chain of trust in Red Hat Trusted Application Pipeline that efficiently details provenance with signed attestations of build images to increase the security posture of your build systems. Analyze and estimate the blast radius of a given threat to help you make decisions about how to fix it.

Click here to learn more

Benefits

Build trust in your application’s codebase

Quickly access vulnerability fixes and trusted, verified content without deviating your attention from building code. Choose the right dependencies for your source code and make sure possible threats are not left unchecked.

Get valuable insights and recommendations

Simply identify direct and transitive dependencies, monitor exploitable vulnerabilities, and create an incident response framework to avoid security incidents from appearing in your production workloads.

Save and retrieve your security documentation

Easily share security documentation (SBOM, VEX) for your source code, artifacts, and container images across the organization to ensure the right, verified components are used in your application codebase.

Community projects

Red Hat’s product development cycle has always been rooted in open source and the communities that help to steer Red Hat’s products’ direction. The projects listed here are the upstream versions of products that make up Red Hat Trusted Profile Analyzer.

GUAC

Graph for Understanding Artifact Composition (GUAC) is a knowledge graph of software metadata to answer security and supply chain questions. The solution aggregates software security metadata into a high fidelity graph database after normalizing entity identities and mapping standard relationships between them. Querying this graph can drive higher-level organizational outcomes such as audit, policy, risk management, and even developer assistance.

Explore

Trustification

This community focuses on making software supply chains easier to create, manage, consume and trust. Trustification consists of a collection of software that allows storing security documentation and metadata and helps analyzing and learning about the impact of vulnerability and dependency changes across your organization. The set of services provide support for storage and archival of SBOM and VEX documents, management of product metadata and access control, and access to a single pane of glass API and front end.

Explore

Exhort

The Exhort project provides vulnerability and compliance analysis for your applications, directly from your IDE. It automatically analyzes your software composition and provides recommendations to address security holes and licensing issues. The initial release includes access to the Snyk Intel and Red Hat vulnerability databases, providing a centralized repository of both unique and known open source software security advisories.

Explore