Chapter 2. New features and enhancements
A list of all major enhancements and new features introduced in this release of Red Hat Trusted Artifact Signer (RHTAS).
The features and enhancements added by this release are:
Enterprise Contract supports inspecting multiple architecture types for container images
With this release, Enterprise Contract (EC) now supports artifact verification and policy enforcement on multiple architecture types for container images. The ec validate image command can inspect individual container images for different system architectures from the image index.
Adding rule data by using a command line argument
With this release, you can inject additional rule data on the command line by using the --extra-rule-data argument to the ec validate image command. For example, you can use this to influence policies so that the behavior for a release pipeline can differ from the behavior in a continuous integration and continuous delivery (CI/CD) pipeline.
A new report format for Enterprise Contract when validating container images
With this release, the ec validate image command can generate a new report format. You can use the --output text argument with the ec validate image command to produce a new user-friendly output format. This new report format provides details about the violations and warnings only. To view additional details, use the JSON or YAML formats.
Support for OpenShift 4.16 and 4.17
With this release, we added support for the Trusted Artifact Signer service running on OpenShift Container Platform 4.16 and 4.17. Customers can install the RHTAS operator from OperatorHub on currently supported releases of OpenShift Container Platform.
Auto-closing for the confirmation page
With this release, we updated the gitsign binary to version 0.10.2. This version enables the auto-closing feature for the Sigstore confirmation page. After a successful authentication, the confirmation page will close in 10 seconds.
Install Trusted Artifact Signer to different namespaces on the same OpenShift cluster
With this release, you can now install the RHTAS service in different namespaces on the same OpenShift cluster.
A new release channel for upgrades
With this release, we added the stable-v1.0 channel that users can subscribe to. Subscribing to this channel gives users automatic upgrades only to the 1.0.x release line. To receive all the latest updates for upcoming minor releases, subscribe to the stable channel. Also, with this release, we removed the alpha channel.
Monitoring for Trillian
With this release, you can enable monitoring for the Trillian server. To enable monitoring, add the monitoring stanza underneath the trillian stanza, and set enabled to true for the Securesign instance. For example:
    ...
    trillian:
      monitoring:
        enabled: true
    ...
With monitoring enabled, you can view and query the collected metrics from the OpenShift web console by expanding Observe on the navigational menu, and clicking Metrics.
Monitoring for Certificate Transparency logs
With this release, you can enable monitoring for the Certificate Transparency logs (CTlog) server. To enable monitoring, add the monitoring stanza underneath the ctlog stanza, and set enabled to true for the Securesign instance. For example:
    ...
    ctlog:
      monitoring:
        enabled: true
    ...
With monitoring enabled, you can view and query the collected metrics from the OpenShift web console by expanding Observe on the navigational menu, and clicking Metrics.
Improvements to the segment backup jobs
With this release, the Trusted Artifact Signer service has several improvements to the segment backup jobs. Because of existing vulnerabilities, the segment backup jobs have been rewritten in Python, and now verify whether cluster-level metrics are allowable.