Release Notes


Red Hat Trusted Profile Analyzer 1.1

Release notes for Red Hat Trusted Profile Analyzer 1.1.2

Red Hat Trusted Documentation Team

Abstract

Welcome to the official Red Hat Trusted Profile Analyzer release notes for version 1.1.2. These release notes describe the new features, enhancements, known issues, bug fixes, and deprecations implemented in the Red Hat Trusted Profile Analyzer 1.1.2 software release.
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright's message.

Chapter 1. Introduction

Red Hat’s Trusted Profile Analyzer (RHTPA) is a proactive service that assists in the risk management of Open Source Software (OSS) packages and dependencies. The Trusted Profile Analyzer service helps you identify, and plan the remediation of, OSS vulnerabilities discovered within your software supply chain.

The Red Hat Trusted Profile Analyzer documentation is available here.

Chapter 2. New features and enhancements

A list of all major enhancements and new features introduced in this release of Red Hat Trusted Profile Analyzer (RHTPA).

The features and enhancements added by this release are:

Validating the serialNumber property in CycloneDX SBOM files

With this release, we added a check that the serialNumber property exists in a CycloneDX-formatted Software Bill of Materials (SBOM) file when you upload the SBOM to RHTPA. Uploading a CycloneDX SBOM file that has no serialNumber now fails with an error message.

CVE impact to an SBOM

You can see Common Vulnerabilities and Exposures (CVE) data from the Open Source Vulnerabilities (OSV) database when scanning a software bill of materials (SBOM). By default, scanning an SBOM lists all publicly known vulnerabilities affecting the packages that make up the SBOM.

Chapter 3. Bug fixes

In this release of Red Hat Trusted Profile Analyzer (RHTPA), we fixed the following bugs.

Uploading a CycloneDX SBOM with control characters fails

When uploading a CycloneDX-formatted software bill of materials (SBOM) file to RHTPA, you could get parsing errors when the file contained control characters, such as \n. With this release, we fixed the validation logic for uploading CycloneDX-formatted SBOM files, so that these files now upload successfully into RHTPA.

Fixed inconsistent vulnerability information displayed on the SBOM details page

Only a subset of the related vulnerability data was being reported on the software bill of materials (SBOM) details page. With this release, we fixed this reporting problem. You now see consistent results wherever you view vulnerability data in RHTPA.

Validating the serialNumber string for compliance

The serialNumber property’s string value in CycloneDX-formatted software bill of materials (SBOM) files must match the regular expression defined by the CycloneDX specification. With this release, we check that the serialNumber string conforms to that pattern, and reject an upload whose serialNumber does not.
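As an added example (not RHTPA's own code), the following Python script applies both serialNumber checks described in this release, the presence check from Chapter 2 and the pattern check above, to a CycloneDX JSON document before you upload it. The regular expression is the pattern declared for serialNumber in the CycloneDX JSON schema (an RFC 4122 UUID URN in lowercase hex). The sample SBOM documents are constructed here, and the exact server-side logic RHTPA applies is not described in these notes, so treat the script as a client-side pre-flight check only.

```python
"""Pre-flight check of a CycloneDX SBOM's serialNumber before uploading it to RHTPA.

Added example, not RHTPA's own code. The regular expression is the `pattern`
declared for `serialNumber` in the CycloneDX JSON schema: an RFC 4122 UUID URN
with lowercase hex digits. The release notes do not describe RHTPA's exact
server-side logic, so this only reproduces the two checks they name.
"""
import json
import re
import uuid

# Pattern for the top-level serialNumber property in the CycloneDX JSON schema.
# The schema accepts lowercase hex only; "urn:uuid:3E67..." does not match.
SERIAL_NUMBER_RE = re.compile(
    r"^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
)


def check_serial_number(sbom_json: str) -> tuple[bool, str]:
    """Return (ok, reason) for a CycloneDX JSON document.

    Check 1: the serialNumber property must be present.
    Check 2: its value must match the schema pattern.
    """
    try:
        bom = json.loads(sbom_json)
    except json.JSONDecodeError as exc:
        return False, f"not valid JSON: {exc.msg}"
    if not isinstance(bom, dict) or bom.get("bomFormat") != "CycloneDX":
        return False, "not a CycloneDX document (bomFormat missing or wrong)"
    serial = bom.get("serialNumber")
    if serial is None:
        return False, "serialNumber is missing"
    if not isinstance(serial, str) or not SERIAL_NUMBER_RE.match(serial):
        return False, f"serialNumber {serial!r} is not a lowercase urn:uuid RFC 4122 URN"
    return True, "ok"


def with_serial_number(sbom_json: str) -> str:
    """Return the SBOM with a freshly generated, compliant serialNumber added
    when it has none. An existing value is left untouched, so a deliberately
    chosen (or deliberately wrong) serial is never silently masked."""
    bom = json.loads(sbom_json)
    bom.setdefault("serialNumber", f"urn:uuid:{uuid.uuid4()}")  # uuid4 renders as lowercase hex
    return json.dumps(bom)


def sbom_with_serial(serial: str) -> str:
    """Build a minimal constructed CycloneDX document carrying the given serialNumber."""
    return json.dumps({
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "serialNumber": serial,
        "version": 1,
        "components": [{"type": "library", "name": "example-lib", "version": "1.0.0"}],
    })


# Constructed samples (not real Red Hat artifacts).
GOOD_SBOM = sbom_with_serial("urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79")
MISSING_SERIAL_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1, "components": [],
})
BAD_SERIALS = [
    "3e671687-395b-41f5-a30f-a58921a69b79",           # missing the urn:uuid: prefix
    "urn:uuid:3E671687-395B-41F5-A30F-A58921A69B79",  # uppercase hex, rejected by the schema pattern
    "urn:uuid:build-2024-01-15",                      # not a UUID at all
]

if __name__ == "__main__":
    cases = [("good", GOOD_SBOM), ("missing", MISSING_SERIAL_SBOM)]
    cases += [(f"bad#{i}", sbom_with_serial(s)) for i, s in enumerate(BAD_SERIALS)]
    for label, doc in cases:
        print(label, check_serial_number(doc))
    print("repaired", check_serial_number(with_serial_number(MISSING_SERIAL_SBOM)))
```

Run the script in the pipeline step that produces the SBOM; a failing check_serial_number result tells you the upload to RHTPA would be rejected, and with_serial_number repairs only the missing-property case, because a malformed value usually points at a generator bug worth fixing at the source.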

Legal Notice

Copyright © 2024 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.