- Issued:
- 2026-07-09
- Updated:
- 2026-07-09
RHSA-2026:37296 - Security Advisory
Synopsis
RHTAS 1.0.1 - GA Release Of the Policy Controller Operator
Type/Severity
Security Advisory: Important
Topic
The GA release of the RHTAS Policy Controller Operator.
For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4
Description
The RHTAS Policy Controller Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19, 4.20, 4.21, 4.22
Solution
The RHTAS Policy Controller Operator is Helm-based operator for deploying and managing instances of the Sigstore Policy Controller on OpenShift. It is a self-managed on-premise deployment of the Policy Controller Helm Charts available at https://github.com/sigstore/helm-charts/tree/main/charts/policy-controller
Platform Engineers, Software Developers and Security Professionals may use the RHTAS Policy Controller Operator to enforce policies on OCP clusters by using supply-chain metadata.
For details on using the RHTAS Policy Controller Operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4
Affected Products
- Red Hat Trusted Artifact Signer (RHTAS)
Fixes
(none)amd64
| registry.redhat.io/rhtas/policy-controller-operator-bundle@sha256:d77bdf55a68e9bfce079a693f154b0c122b80ed652ad480233c51673f30baaec |
| registry.redhat.io/rhtas/policy-controller-rhel9-operator@sha256:8c33fe382a956f42a6aa9e87580a8b6b33fddd847b968b4fdae64264ac1950d4 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.