Chapter 2. New features and enhancements

Trusted Profile Analyzer on Red Hat Enterprise Linux

With this release, as a Technical Preview, you can deploy RHTPA on Red Hat Enterprise Linux 9 by using an Ansible Playbook. You can customize this deployment solution by using your own PostgreSQL database, OpenID Connect (OIDC) provider, Simple Storage Service (S3), and Simple Queue Service (SQS) services. You can find more information in the RHTPA Deployment Guide.

Redesign of the Trusted Profile Analyzer console, and a new CVE impact panel

With this release, we designed a new Dashboard homepage that is more intuitive, and gives users more pertinent data at a glance. The Dashboard shows the Common Vulnerabilities and Exposures (CVE) impact on the last 10 software bill of materials (SBOM) uploaded. Along with the impact data, you can also see the date and time, and the number of documents, such as, Common Security Advisory Framework (CSAF) advisories, SBOMs and CVEs recently uploaded.

New version of the component registry

With this release, we updated the Graphical Understanding of Artifact Composition (GUAC) component registry to version 0.7.2. This newer GUAC version is easier to support and is more reliable than earlier versions. Currently, there is no upgrade path from RHTPA 1.1 to 1.2. You must do a fresh installation of RHTPA 1.2, and re-upload your documents to use the new features of GUAC 0.7.2.

Support for CycloneDX 1.5 and SPDX 2.3

With this release, we now support software bill of materials (SBOM) documents formatted in CycloneDX version 1.5, and SPDX version 2.3.