Improving modern software supply chain security: From AI models to container images


Red Hat Blog

The software supply chain has evolved dramatically in recent years. Today’s applications integrate countless components—from open source libraries and container images to AI models and training datasets. Each element represents a potential security risk that organizations must understand, verify, and continuously monitor. As supply chain attacks increase in frequency and sophistication, enterprises need comprehensive solutions that provide both artifact integrity and deep visibility into their software dependencies.

Red Hat’s latest releases of Red Hat Trusted Artifact Signer 1.3 and Red Hat Trusted Profile Analyzer 2.2 deliver a powerful combination of cryptographic signing capabilities and advanced supply chain analysis, addressing a full spectrum of modern software security challenges, including the emerging complexities of AI-powered applications.

The growing complexity of supply chain security

Modern applications are built from diverse components that create an intricate web of dependencies. Traditional software includes operating system (OS) packages, application libraries, and container base images. But today’s AI-powered applications introduce additional complexity with machine learning (ML) models, training datasets, and inference frameworks—each requiring specialized security considerations.

This complexity creates multiple attack vectors. Malicious actors can compromise software at build time by injecting code into repositories, at distribution time by replacing legitimate packages with malicious versions, or at deployment time by exploiting weak verification processes. The 2025 supply chain attack on popular npm packages demonstrated that a single compromised component can affect thousands of downstream organizations.

Cryptographic integrity with Trusted Artifact Signer 1.3

Trusted Artifact Signer 1.3 helps to address these challenges by providing enterprise-grade cryptographic signing and verification for all software artifacts. Built on the open source Sigstore project, Trusted Artifact Signer enables every component in your software supply chain to be signed and later verified for authenticity and integrity, adding OpenID Connect (OIDC) identity claims and signed timestamps to signatures for enhanced security capabilities and auditability.

Securing AI models

One of the most significant additions in Trusted Artifact Signer 1.3 is the model transparency library, which brings cryptographic integrity to AI model deployments. When deploying an ML model, the system generates cryptographic hashes for the model and its associated files and metadata, storing them in a serialized manifest. This manifest is cryptographically signed and saved as a detached signature to safeguard against tampering.

The integrated model validation operator takes this protection further by monitoring OpenShift namespaces for specific labels and custom resources, enabling automatic verification of signed models prior to deployment. This helps confirm that only trusted, verified AI models reach production systems—a critical capability as organizations increasingly rely on ML for business-critical decisions.
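The manifest-plus-detached-signature pattern described above, shown end to end as an added example (this is illustrative code written for this page, not the model transparency library or the validation operator). It assumes a constructed two-file model bundle, a hypothetical manifest layout of path-to-SHA-256 entries, and a locally generated Ed25519 key in place of the OIDC-bound keys Trusted Artifact Signer would use; the verification step mirrors what an admission check does before a model is loaded: validate the signature over the manifest, then re-hash every file and reject extra, missing or altered ones.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest maps each file in a model bundle to its hex SHA-256 digest.
// This layout is constructed for the example; it is not the real manifest format.
type Manifest struct {
	Model string            `json:"model"`
	Files map[string]string `json:"files"`
}

// BuildManifest hashes every file's bytes (files is path -> content).
func BuildManifest(name string, files map[string][]byte) Manifest {
	m := Manifest{Model: name, Files: make(map[string]string, len(files))}
	for path, content := range files {
		sum := sha256.Sum256(content)
		m.Files[path] = hex.EncodeToString(sum[:])
	}
	return m
}

// Serialize yields deterministic bytes to sign: encoding/json sorts map keys,
// so identical manifests always serialize identically.
func (m Manifest) Serialize() ([]byte, error) {
	return json.Marshal(m)
}

// SignManifest returns a detached Ed25519 signature over the serialized manifest.
func SignManifest(priv ed25519.PrivateKey, manifestBytes []byte) []byte {
	return ed25519.Sign(priv, manifestBytes)
}

// VerifyModel checks the detached signature first, then confirms that the
// files about to be loaded still match the digests the manifest records.
// Extra, missing or altered files are all rejected.
func VerifyModel(pub ed25519.PublicKey, manifestBytes, sig []byte, files map[string][]byte) error {
	if !ed25519.Verify(pub, manifestBytes, sig) {
		return errors.New("manifest signature invalid")
	}
	var m Manifest
	if err := json.Unmarshal(manifestBytes, &m); err != nil {
		return fmt.Errorf("manifest unparsable: %w", err)
	}
	if len(files) != len(m.Files) {
		return errors.New("file set differs from manifest")
	}
	for path, want := range m.Files {
		content, ok := files[path]
		if !ok {
			return fmt.Errorf("%s listed in manifest but not present", path)
		}
		sum := sha256.Sum256(content)
		if hex.EncodeToString(sum[:]) != want {
			return fmt.Errorf("%s digest mismatch", path)
		}
	}
	return nil
}

// Demo signs a constructed bundle and reports whether the untouched bundle
// verifies, whether a swapped weights file is rejected, and whether an edit
// to the signed manifest itself is rejected.
func Demo() (cleanOK, fileTamperDetected, manifestTamperDetected bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample bundle; a real one holds weights, config, tokenizer.
	files := map[string][]byte{
		"config.json":       []byte(`{"arch":"demo"}`),
		"model.safetensors": []byte("weights-bytes-v1"),
	}
	manifestBytes, err := BuildManifest("demo-classifier", files).Serialize()
	if err != nil {
		panic(err)
	}
	sig := SignManifest(priv, manifestBytes)

	cleanOK = VerifyModel(pub, manifestBytes, sig, files) == nil

	tampered := map[string][]byte{
		"config.json":       files["config.json"],
		"model.safetensors": []byte("weights-bytes-replaced"),
	}
	fileTamperDetected = VerifyModel(pub, manifestBytes, sig, tampered) != nil

	// Flip one byte of the signed manifest: the signature no longer matches.
	altered := append([]byte(nil), manifestBytes...)
	altered[0] ^= 0x01
	manifestTamperDetected = VerifyModel(pub, altered, sig, files) != nil
	return cleanOK, fileTamperDetected, manifestTamperDetected
}

func main() {
	ok, fileDet, manDet := Demo()
	fmt.Println("clean verifies:", ok, "| swapped file rejected:", fileDet, "| edited manifest rejected:", manDet)
}
```

The order of checks matters: the signature is verified before the manifest is parsed or any file is hashed, so an attacker who can replace the manifest cannot steer which files get checked, and the count comparison catches files smuggled in alongside the listed ones.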

Enterprise-grade high availability

Trusted Artifact Signer 1.3 introduces fine-grained configuration capabilities for scaling, scheduling, and resource management in enterprise environments. Organizations can now manage pod affinity rules, set tolerations for node taints, configure multiple replicas for high availability, and define precise resource requests and limits. This enterprise-focused approach supports the availability of cryptographic signing and verification even during peak loads or infrastructure failures.

Transparency and monitoring

The platform continuously verifies the integrity of Rekor transparency logs, ensuring they remain append-only and immutable. This verification process runs on a configurable schedule, providing ongoing assurance that the historical record of signed artifacts remains untampered. New cloud storage integration with S3 and Google Cloud Storage offers flexible options for attestation storage, while external Redis database support provides enhanced search capabilities across large transparency logs.
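What "append-only and immutable" means for a transparency log, as an added example that is not Rekor's code or Trusted Artifact Signer's monitor. It assumes a constructed log of three entries and a Merkle tree hashed the way RFC 6962 specifies (0x00 leaf prefix, 0x01 node prefix), and it checks an earlier checkpoint against the current log by recomputing the root over the checkpointed prefix. A real monitor holds only checkpoints and verifies a consistency proof from the log instead of re-hashing every entry; the property being checked is the same.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Checkpoint is a published (size, root hash) pair for the log at some moment.
type Checkpoint struct {
	Size int
	Root []byte
}

// leafHash and nodeHash use RFC 6962 domain separation (0x00 leaf, 0x01 node)
// so a leaf can never be confused with an interior node.
func leafHash(entry []byte) []byte {
	h := sha256.New()
	h.Write([]byte{0x00})
	h.Write(entry)
	return h.Sum(nil)
}

func nodeHash(left, right []byte) []byte {
	h := sha256.New()
	h.Write([]byte{0x01})
	h.Write(left)
	h.Write(right)
	return h.Sum(nil)
}

// RootHash computes the Merkle tree hash over entries (RFC 6962 section 2.1):
// the left subtree covers the largest power of two smaller than n.
func RootHash(entries [][]byte) []byte {
	n := len(entries)
	if n == 0 {
		return sha256.New().Sum(nil)
	}
	if n == 1 {
		return leafHash(entries[0])
	}
	k := 1
	for k*2 < n {
		k *= 2
	}
	return nodeHash(RootHash(entries[:k]), RootHash(entries[k:]))
}

// NewCheckpoint captures the log's current size and root.
func NewCheckpoint(log [][]byte) Checkpoint {
	return Checkpoint{Size: len(log), Root: RootHash(log)}
}

// VerifyAppendOnly checks that the current log still contains, unchanged and
// in order, everything an earlier checkpoint covered. Shrinking the log or
// rewriting any covered entry changes the recomputed prefix root.
func VerifyAppendOnly(old Checkpoint, log [][]byte) error {
	if len(log) < old.Size {
		return fmt.Errorf("log shrank from %d to %d entries", old.Size, len(log))
	}
	if !bytes.Equal(RootHash(log[:old.Size]), old.Root) {
		return errors.New("earlier entries no longer hash to the checkpoint root")
	}
	return nil
}

// Demo runs the check against honest growth, a rewritten entry and a truncated log.
func Demo() (appendOK, rewriteDetected, truncationDetected bool) {
	// Constructed entries standing in for Rekor entries (signatures, attestations).
	log := [][]byte{
		[]byte("sig:sha256:aaaa image=registry.example/app:1.0"),
		[]byte("sig:sha256:bbbb model=demo-classifier"),
		[]byte("attestation:slsa-provenance app:1.0"),
	}
	cp := NewCheckpoint(log)

	// Honest growth: appending leaves the checkpointed prefix intact.
	grown := append(log, []byte("sig:sha256:cccc image=registry.example/app:1.1"))
	appendOK = VerifyAppendOnly(cp, grown) == nil

	// Rewriting history: replace entry 1 in the grown log.
	rewritten := make([][]byte, len(grown))
	copy(rewritten, grown)
	rewritten[1] = []byte("sig:sha256:dddd model=demo-classifier")
	rewriteDetected = VerifyAppendOnly(cp, rewritten) != nil

	// Truncation: dropping covered entries is also visible.
	truncationDetected = VerifyAppendOnly(cp, grown[:2]) != nil
	return appendOK, rewriteDetected, truncationDetected
}

func main() {
	a, r, tr := Demo()
	fmt.Println("append ok:", a, "| rewrite detected:", r, "| truncation detected:", tr)
}
```

Running this check on a schedule, as the platform does, turns the transparency log from a record you trust into a record you keep testing: a checkpoint stored outside the log operator's control is enough to notice if history behind it is ever edited.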

Comprehensive analysis with Trusted Profile Analyzer 2.2

While Trusted Artifact Signer supports artifact integrity through cryptographic signing, Trusted Profile Analyzer 2.2 provides the visibility and analysis capabilities needed to understand and manage complex software supply chains. The latest release introduces several key enhancements that address the growing complexity of modern applications.

License compliance at scale

The new license search capability with Trusted Profile Analyzer 2.2 allows organizations to search for specific license types across all stored Software Bills of Materials (SBOMs). This provides a centralized view of license compliance, making it dramatically easier to manage legal and policy requirements across hundreds or thousands of software components. Instead of manually reviewing individual SBOMs, security and compliance teams can quickly identify all components using specific licenses, assess risk, and verify policy and legal compliance across all components and dependencies in the software stack.
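What a cross-SBOM license search has to do under the hood, as an added example written for this page rather than Trusted Profile Analyzer's implementation. It assumes two constructed CycloneDX-style JSON documents in which components declare either an SPDX license id or an SPDX expression, builds one index from license identifier to every component that declares it, and answers the question the paragraph poses: which components, across all stored SBOMs, carry a given license.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Minimal CycloneDX JSON shape: a component's licenses array holds entries
// with either {"license":{"id":...}} or {"expression":...}.
type licenseChoice struct {
	License struct {
		ID string `json:"id"`
	} `json:"license"`
	Expression string `json:"expression"`
}

type component struct {
	Name     string          `json:"name"`
	Version  string          `json:"version"`
	Licenses []licenseChoice `json:"licenses"`
}

type sbom struct {
	Components []component `json:"components"`
}

// licenseIDs returns every SPDX identifier a component declares, pulling ids
// out of expressions such as "MIT OR GPL-3.0-only" by dropping the operators.
func (c component) licenseIDs() []string {
	var ids []string
	for _, lc := range c.Licenses {
		if lc.License.ID != "" {
			ids = append(ids, lc.License.ID)
		}
		tokens := strings.FieldsFunc(lc.Expression, func(r rune) bool {
			return r == ' ' || r == '(' || r == ')'
		})
		for _, tok := range tokens {
			if tok != "AND" && tok != "OR" && tok != "WITH" {
				ids = append(ids, tok)
			}
		}
	}
	return ids
}

// BuildLicenseIndex parses every SBOM (name -> JSON bytes) and maps each
// SPDX identifier to sorted "sbom: component@version" references.
func BuildLicenseIndex(sboms map[string][]byte) (map[string][]string, error) {
	index := map[string][]string{}
	for name, raw := range sboms {
		var doc sbom
		if err := json.Unmarshal(raw, &doc); err != nil {
			return nil, fmt.Errorf("%s: %w", name, err)
		}
		for _, c := range doc.Components {
			ref := fmt.Sprintf("%s: %s@%s", name, c.Name, c.Version)
			for _, id := range c.licenseIDs() {
				index[id] = append(index[id], ref)
			}
		}
	}
	for id := range index {
		sort.Strings(index[id])
	}
	return index, nil
}

// SampleSBOMs returns two constructed SBOMs; the package names and versions
// are made up for the example.
func SampleSBOMs() map[string][]byte {
	return map[string][]byte{
		"app-a.cdx.json": []byte(`{"bomFormat":"CycloneDX","specVersion":"1.5","components":[
			{"name":"left-pad","version":"1.3.0","licenses":[{"license":{"id":"MIT"}}]},
			{"name":"readline-wrapper","version":"1.0.0","licenses":[{"license":{"id":"GPL-3.0-only"}}]}]}`),
		"app-b.cdx.json": []byte(`{"bomFormat":"CycloneDX","specVersion":"1.5","components":[
			{"name":"libfoo","version":"2.1.0","licenses":[{"expression":"MIT OR GPL-3.0-only"}]},
			{"name":"bar","version":"0.9.0","licenses":[{"license":{"id":"Apache-2.0"}}]}]}`),
	}
}

func main() {
	index, err := BuildLicenseIndex(SampleSBOMs())
	if err != nil {
		panic(err)
	}
	for _, ref := range index["GPL-3.0-only"] {
		fmt.Println("GPL-3.0-only:", ref)
	}
}
```

Treating an "MIT OR GPL-3.0-only" expression as declaring both identifiers is deliberate: a compliance query should surface every component where the copyleft option is even on the table, and a reviewer can then decide which branch of the expression applies.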

Streamlined container security

Enhanced integration with Quay simplifies the process of getting container security data into the analysis platform. Organizations can now ingest SBOMs from Quay or any OCI registry, or configure automatic SBOM generation and ingestion for container images. This reduces manual processes and helps ensure that security analysis is always based on current data, eliminating the lag time that can leave organizations vulnerable to newly discovered threats.

AI supply chain visibility

Perhaps most importantly for modern applications, Trusted Profile Analyzer 2.2 introduces AIBOM (Artificial Intelligence Bill of Materials) ingestion and analysis. This capability allows organizations to include AI-specific components, such as ML models, in their security and compliance analysis.

AIBOMs provide greater visibility into the complete AI supply chain, including model provenance, training data sources, and algorithmic dependencies. This comprehensive view is essential as AI models become increasingly central to business operations and regulatory frameworks for AI governance continue to evolve.

The power of integration

The combination of Trusted Artifact Signer 1.3 and Trusted Profile Analyzer 2.2 creates a comprehensive supply chain security platform that addresses both integrity and visibility. Trusted Artifact Signer enables every component—from container images to AI models—to be cryptographically signed and verified. Trusted Profile Analyzer provides the analytical capabilities needed to understand dependencies, manage workload compliance, and monitor for risks across the entire software supply chain.

This integrated approach enables several key security outcomes, including:

Automated trust verification: Organizations can automatically verify the integrity of all software components before deployment, helping prevent the use of tampered or unauthorized artifacts.

Comprehensive compliance: Centralized license analysis and audit trails support regulatory compliance requirements while reducing manual overhead.

AI-ready security: Native support for AI model signing and AIBOM analysis prepares organizations for the security challenges of AI-powered applications.

Scalable operations: High-availability configurations and cloud storage integration help supply chain security scale with organizational growth.

Looking forward

As software supply chains continue to evolve, the combination of cryptographic integrity and comprehensive analysis becomes increasingly critical. The integration of AI components introduces new attack vectors and compliance requirements that traditional security tools weren’t designed to address.

Organizations implementing Trusted Artifact Signer and Trusted Profile Analyzer gain not just security improvements, but also operational advantages. Automated verification reduces manual security reviews, centralized analysis simplifies compliance reporting, and comprehensive visibility enables proactive risk management.

The future of software security lies in treating supply chain integrity as a fundamental requirement rather than an optional enhancement. With tools like Trusted Artifact Signer 1.3 and Trusted Profile Analyzer 2.2, organizations can build this integrity into their development and deployment processes from the ground up, creating a foundation with an enhanced security posture that scales with their technological evolution.

In an era where a single compromised component can affect entire industries, comprehensive supply chain security isn’t just a technical requirement—it’s a business imperative. The combination of cryptographic signing, continuous verification, and deep analytical capabilities provides the foundation for security-focused software delivery in an increasingly complex technological landscape.
