Rancher Government Solutions has released Rancher Government Carbide, a supply chain security-focused add-on service to the Rancher suite.
The offering is intended to streamline Kubernetes security management by delivering a standardized method for users to certify that their software is protected, the Reston, Virginia-based company announced on Wednesday.
Lynne Chamberlain, president and CEO of Rancher Government Solutions, said the criticality of software in daily operations has made the balance between security and innovation “essential.” She explained that Carbide was developed to simplify Kubernetes management by assisting users with validating that their software is in line with federal security mandates.
To ensure supply chain security, Carbide verifies provenance back to a trusted entity using a centralized secure container registry for end users, which is validated by a secured signing key. Its pipeline leverages tools for vulnerability scanning and generating software bills of materials, or SBOMs.
Carbide, which includes airgap documentation and edge capabilities, supports Rancher MCM 2.6 & RKE2, the first Kubernetes management platform and distribution with Defense Information Systems Agency-certified Security Technical Implementation Guides.
The offering also includes the STIGATRON tool, which automatically scans downstream clusters from the centralized Rancher Manager and compares them to the STIG cluster to validate that they are secure, allowing for automated compliance with federal security requirements.
“At Rancher Government Solutions, we know securing the software supply chain is mission-critical to our federal customers, particularly given the increased frequency of attacks,” said Brandon Gulla, vice president and chief technology officer of Rancher Government Solutions.
“We built Carbide to provide security validation capabilities directly to our customers and give them a clear, easy way to confidently answer difficult questions about the security posture of their Kubernetes environments,” he said.
