RGS launches Carbide supply chain security solution

image of keyboard and lock, software security | Carbide

Rancher Government Solutions (RGS), the leader for securing Kubernetes and cloud native, containerized applications for the US government, has launched Rancher Government Carbide, a supply chain security solution aiming to provide a better, more standardized way for users to verify and validate that their software is safe and secure.

Rancher Government Carbide secures the software supply chain by verifying provenance back to a trusted entity using a centralized secure container registry for end users, validated by a secured signing key.

Additionally, Carbide utilizes tools for vulnerability scanning and generating software bills of materials (SBOMs). The solution supports the first and only Kubernetes management platform and distribution with Security Technical Implementation Guides (STIGs) that is validated and published by the Defense Information Systems Agency (DISA), namely Rancher MCM 2.6 and RKE2.

Rancher Government Carbide is an add-on to support the existing Rancher products suite and is easily accessible to all RGS customers with a support subscription.

Lynne Chamberlain, president and CEO of Rancher Government Solutions, said: “Given that software is critical to daily operations, the need to balance security with innovation is essential.

“This is why our team developed Rancher Government Carbide: to simplify Kubernetes management by providing a more standardized way for users to verify and validate software and support federal security compliance requirements.”

Brandon Gulla, vice president and chief technology officer at Rancher Government Solutions, said: “At Rancher Government Solutions, we know securing the software supply chain is mission critical to our federal customers, particularly given the increased frequency of attacks.

“We build Carbide to provide security validation capabilities directly to our customers and give them a clear, easy way to confidently answer difficult questions about the security posture of their Kubernetes environments.”