Chapter 2. New features and enhancements

A list of all major enhancements, and new features introduced in this release of Red Hat Trusted Profile Analyzer (RHTPA).

The features and enhancements added by this release are:

Support for the CycloneDX 1.6 specification: The Trusted Profile Analyzer service automatically applies labels based on the Software Bill of Materials (SBOM) type, either CycloneDX or SPDX. With this release we introduced two new labels. These labels will be applied when a CycloneDX-formatted SBOM is ingested that contains a specific component type. The presence of a machine-learning-model component results in an aibom label being applied. The presence of a cryptographic-asset component will result in an cbom label being applied.

Improved license search capabilities: In this release, the RHTPA user interface (UI) now showcases software license data prominently, treating it as a primary component. A new License screen presents all unique license expressions from all Software Bill of Materials (SBOM) documents within the application, accompanied by a count of packages and SBOMs that reference each expression. The UI has been enhanced with filters on the SBOM and Package list screens, enabling users to search for license expressions, thereby facilitating management of license compliance within their application portfolio. This update broadens RHTPA’s core functionality to encompass software license management.

Upload functionality has moved in the RHTPA console: The Upload section has been removed from the navigational side bar, and has moved to the SBOMs and Advisories sections. On the SBOMs page, you have a new Upload SBOM button, and on the Advisories page you have a new Upload Advisory button.

New API endpoint for recommendations: In this update, we implemented a new API endpoint for fetching package recommendations. This API endpoint gives remediation of vulnerabilities for the requested packages. The API endpoint accepts a list of package URLs for analysis, and for each package URL, RHTPA tries to find the trusted package version, improving the overall package management process.

The Trusted Profile Analyzer Operator is generally available: With the release of RHTPA 2.2, the Trusted Profile Analyzer Operator for Red Hat OpenShift is no longer a Technical Preview feature, and is generally available (GA). The Trusted Profile Analyzer Operator is ready for production workload.

SBOM document generator for container images stored in Quay: With this update, users can now select a collection of container images from Quay, have them extracted, and generate Software Bill of Materials (SBOM) documents for each container image by using Syft. This feature can be useful for users who need to generate SBOM documents from container images missing an SBOM, and then uploads it to your RHTPA instance. This streamlines the process of SBOM document generation and management.