Patch delivery lifecycle
Red Hat Lightwell Network fully automates the open source patch delivery lifecycle. It routes, validates, and deploys patched artifacts directly through your existing build tools.
To accelerate vulnerability remediation, Red Hat Lightwell uses automated AI-assistance for patch generation. All AI-generated patches undergo strict automated testing and human validation before distribution.
- Onboarding: You configure your existing build tools, such as Maven, Nexus, or Artifactory, to mirror the secure Red Hat repository.
- Distribution: Red Hat publishes newly signed artifacts to the secure repository so that you automatically receive them during your next dependency resolution.
- Validation: Red Hat tests the patched artifacts for upstream regression and compatibility to ensure that their original behavior is preserved.
- Deployment: Your build pipelines transparently pull the patched artifacts, requiring minimal to no modifications to your application code.
- Upstream contribution: Red Hat submits the backported patch to the originating open source project and works with the upstream community to merge it.
- Disclosure: Red Hat publicly discloses the vulnerability and its corresponding patch, and releases Vulnerability Exploitability eXchange (VEX) and Open Source Vulnerabilities (OSV) data to the broader ecosystem as appropriate.