backstage-plugins
🔌 Plugin: RHDA (Red Hat Dependency Analytics)
🔖 Summary
Red Hat Dependency Analytics (RHDA) is an open-source tool that helps developers build secure applications by identifying vulnerabilities. It analyzes the open-source components used in an application and checks them against vulnerability databases. This allows developers to proactively address security risks early in the development process.
Introducing a backstage plugin will enable Backstage users to analyze software components for potential vulnerabilities and apply recommended remediations.
🌐 Project website (if applicable)
https://developers.redhat.com/products/trusted-profile-analyzer/overview
https://github.com/RHEcosystemAppEng/exhort
https://marketplace.visualstudio.com/items?itemName=redhat.fabric8-analytics
(PoC) - https://github.com/RHEcosystemAppEng/backstage-plugin-rhda
✌️ Context
To improve security across our software supply chain, this project proposes integrating the Red Hat Dependency Analytics (RHDA) plugin with Backstage. RHDA offers language-agnostic analysis, currently covering Java, JavaScript, Go, and Python projects. The RHDA Backstage plugin uses a three-layer architecture (frontend, backend, and an RHDA executor container with pre-built language-specific executors) and simplifies configuration through the Backstage plugin catalog XML. This integration streamlines the security analysis workflow within Backstage, enabling early vulnerability detection across diverse programming languages.
👀 Have you spent some time to check if this plugin request has been raised before?
- [X] I checked and didn't find a similar issue
🏢 Have you read the Code of Conduct?
- [X] I have read the Contributing Guidelines
Are you willing to submit PR?
Yes, I am willing to submit a PR!