Trust

Introducing Enterprise Contract

You may have heard of sigstore and its container image verification tool, cosign. This blog post introduces a policy-driven workflow, Enterprise Contract, built on those technologies. Note: Red Hat’s Emerging Technologies blog includes posts that discuss...

read more

Establishing a Secure Pipeline

In a recent post we walked through using Tekton and Cosign to build, sign and verify container images within Kubernetes. Red Hat utilizes OpenShift, signing and scanning in its own build systems to deliver release artifacts. Red Hat’s secure software delivery is...

read more

Signing Images

The release of Kubernetes 1.24 includes signed images, which highlights the importance of delivering secure images. Whether container images are being distributed to customers or run within your own datacenters, you must ensure that the assets within the software have...

read more

Sharding for Security and Scalability

Rekor, sigstore’s transparency log, recently reached an important milestone in its v0.6 release: it now supports log sharding.  Log sharding means that the entries associated with a single Rekor server can now be distributed among multiple backend logs, which...

read more

What is a Trusted Computing Base?

What does it mean for a system or component to be “trusted” in the world of computer systems?  And why does it matter? In this post, we’ll provide an overview of what a Trusted Computing Base (TCB) is and provide a framework for how to evaluate a TCB’s security....

read more

What Can You Do with a TPM?

Modern software is layers upon layers upon layers. Most of us only really work in one or two of those layers but we rely on all of the others below us to keep working. Not only do we rely on their performance and functionality, we rely on them for security. If we're...

read more

Enarx – project maturity update

It’s been a busy time since we announced Enarx and our vision for running workloads more securely to the world in August 2019.  At the time, we had produced a proof of concept demo, creating and attesting a Trusted Execution Environment (TEE) instance using AMD’s...

read more

Charting New Territories with Red Hat

In this video from Red Hat Summit 2018, Red Hat Chief Technology Officer Chris Wright gives a view into the future direction of Red Hat technologies. [youtube=https://www.youtube.com/watch?v=N_LLAroJrJo&w=560&h=315] Chris begins with an overview of how Red...

read more