Chapter 2. Frequently asked questions
Do you have questions about Trusted Profile Analyzer? Here is a collection of common questions and their answers to help you understand more about Red Hat’s Trusted Profile Analyzer service.

Q:

What is Red Hat’s Trusted Profile Analyzer service?

A:

Red Hat’s Trusted Profile Analyzer service is a proactive service that helps you evaluate the security and vulnerability risks of using Open Source Software (OSS) packages and dependencies in your application stack.

Q:

How can I use Red Hat’s Trusted Profile Analyzer service?

A:

There are two ways you can use Red Hat’s Trusted Profile Analyzer service. First, by using the Dependency Analytics extension for integrated development environment (IDE) platforms, such as Microsoft’s Visual Studio Code or JetBrains' IntelliJ IDEA. Using Dependency Analytics gives you in-line guidance on vulnerabilities as you write your application. Second, by searching for Software Bill of Materials (SBOM) and Vulnerability Exploitability eXchange (VEX) information for Red Hat products on Red Hat’s Hybrid Cloud Console.

Q:

What kind of content will be available with the Trusted Profile Analyzer service?

A:

You have access to application libraries for Java, NodeJS, Python, Go, and Red Hat Enterprise Linux packages. Vulnerability information about open source packages comes directly from internal Red Hat resources, Red Hat’s partner ecosystem, such as Snyk, and open source community data sources.

Q:

What content will be available with the Trusted Profile Analyzer Service Preview release?

A:

The following content will be available for Service Preview:

  • Quarkus Java Framework for Java Archive (JAR) files with associated SBOM files.
  • Red Hat Enterprise Linux Universal Base Image (UBI) version 8 and 9 with associated SBOM files.
  • Vulnerability information about open source Java packages.

Q:

How does a Trusted Profile Analyzer SBOM help me?

A:

A Trusted Profile Analyzer Software Bill of Materials (SBOM) helps you understand the software components within an application stack and any vulnerabilities those components might have. An SBOM improves visibility and transparency of open source code within the software supply chain by recording each component’s provenance, its license information, and an attestation of how it was built.
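To make the component, license and vulnerability relationship concrete, here is an added example that is not part of this documentation or of the Trusted Profile Analyzer service. It assumes a CycloneDX-style JSON SBOM (the page does not name an SBOM format), constructs a small SBOM fragment and a placeholder advisory feed inline (the package names, versions and advisory IDs are made up), and shows how an SBOM inventory lets you find affected components and components that carry no license data.

```python
"""Added example: inventory a CycloneDX-style SBOM (format assumed; the page
does not name one) and match its components against a constructed advisory list."""
import json

# Constructed SBOM fragment; component names, versions and purls are made up.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"name": "example-json-lib", "version": "2.1.0",
     "purl": "pkg:maven/org.example/example-json-lib@2.1.0",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"name": "example-http-client", "version": "4.5.13",
     "purl": "pkg:maven/org.example/example-http-client@4.5.13",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"name": "example-yaml", "version": "1.33",
     "purl": "pkg:maven/org.example/example-yaml@1.33",
     "licenses": []}
  ]
}
"""

# Constructed advisory feed: placeholder IDs, not real CVEs or Red Hat advisories.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "purl": "pkg:maven/org.example/example-json-lib",
     "affected_versions": ["2.0.0", "2.1.0"], "fixed_in": "2.1.1"},
    {"id": "EXAMPLE-0002", "purl": "pkg:maven/org.example/example-yaml",
     "affected_versions": ["1.33"], "fixed_in": "2.0"},
]


def component_base_purl(purl):
    """Strip the @version suffix so the purl can be compared with advisory purls."""
    return purl.split("@", 1)[0]


def inventory(sbom_text):
    """Return (purl, version, license) tuples for every component in the SBOM."""
    sbom = json.loads(sbom_text)
    rows = []
    for comp in sbom.get("components", []):
        lic_ids = [entry["license"].get("id", "unknown")
                   for entry in comp.get("licenses", [])]
        rows.append((comp["purl"], comp["version"], ",".join(lic_ids) or "unknown"))
    return rows


def find_affected(sbom_text, advisories):
    """Map each advisory id to the SBOM components listed as affected by it,
    together with the version that carries the fix."""
    hits = {}
    for purl, version, _ in inventory(sbom_text):
        base = component_base_purl(purl)
        for adv in advisories:
            if adv["purl"] == base and version in adv["affected_versions"]:
                hits.setdefault(adv["id"], []).append((purl, adv["fixed_in"]))
    return hits


def missing_license(sbom_text):
    """Components whose SBOM entry carries no license id: a transparency gap to chase."""
    return [purl for purl, _, lic in inventory(sbom_text) if lic == "unknown"]


if __name__ == "__main__":
    for adv_id, comps in find_affected(SBOM_JSON, ADVISORIES).items():
        for purl, fixed in comps:
            print(f"{adv_id}: {purl} (fixed in {fixed})")
    print("components without license data:", missing_license(SBOM_JSON))
```

The same inventory serves both halves of the answer above: the purl and version fields drive vulnerability matching, while the license and provenance fields are what a reviewer checks when a component arrives without them.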

Q:

Who is using Red Hat’s Trusted Profile Analyzer service?

A:

The primary audience for Red Hat’s Trusted Profile Analyzer service is Quarkus Java developers, and cloud-native container image builders that use the Red Hat Enterprise Linux UBI.

Q:

To use Red Hat’s Trusted Profile Analyzer service, do I need to learn anything new, or change my development workflows and processes?

A:

No.

Q:

I am not a Quarkus Java developer. Can I still gain any value from Red Hat’s Trusted Profile Analyzer service?

A:

Yes. The Trusted Profile Analyzer service still provides security risk information about open source packages that are not currently included in the Trusted Profile Analyzer repository.


© 2024 Red Hat, Inc.