At CIQ, we’re committed to freedom, open source, transparency, and security across every step of the software supply chain. In that spirit, we’re thrilled to announce that new CIQ enhancements to errata and security reporting are now available.
Doubling down on our commitment to full open source reproducibility of the most current Rocky Linux bug fixes, security patches, and feature enhancements, our engineers have released the Rocky Linux 9 errata subsystem as an open source project and have fully integrated it with the open source build system Peridot. The Rocky Linux 9 errata is now available through the Rocky Enterprise Software Foundation (RESF), which will continue to maintain the project.
Peridot build system is a game changer for managing software updates
Why is the Peridot build system such a big deal? Thanks to it, for the first time, an Enterprise Linux distribution can be built and enhanced by the open source community, with full access to the latest errata and supporting infrastructure, contributing to software supply chain security for the enterprise.
Peridot is revolutionizing the way we manage Rocky Linux packages and update information with its cloud-native repository manager, yumrepofs, and its new CVE (Common Vulnerabilities and Exposures) indexer and errata mirroring tool. This powerful build system eliminates the need for NFS (Network File System) and relies solely on object storage, allowing for a more efficient and reliable way to maintain and publish repository state. With the ability to track errata from multiple sources, including Rocky Linux's upstream, and follow the lifecycle of CVEs until they are fixed, Peridot is a game changer for managing software updates.
Errata is a critical aspect in managing supply chain security
Chief Information Security Officers (CISOs) clearly need absolute transparency and reporting of security within their supply chain. The use of errata is a critical aspect in managing supply chain security, as it provides the reporting necessary to have transparency into the latest bug fixes, CVEs, functionality enhancements, and more, all in real time. By making this information fully available alongside Rocky Linux repositories, the RESF is aiding users to do more granular maintenance to their systems. Rocky Linux is now including this information in full in their current supported repositories, and is also making historical data available through their Web UI. The RESF will also provide full API access to this data.
Understanding how security advisories affect the software infrastructure is absolutely critical, and we believe that capability should be freely available. For this reason—and in alignment with our commitment to open source—we've released not only the front end but also the backend indexers so others can leverage and collaborate to further our shared need for software supply chain management and security.
Learn more about Rocky Linux, which is widely adopted in enterprise and High Performance Computing (HPC) environments, as well as by leading cloud providers and hyperscalers. Reach out to us if you’d like to learn more about our Rocky Linux support offerings.