Red Hat Trusted Application Pipeline and Red Hat OpenShift AI

This demonstration takes the audience on a journey across the Software Development Lifecycle (SDLC), from code, to build, through continuous deployment and finally to running in production. An end-to-end DevSecOps CI/CD demonstration of Red Hat Trusted Application Pipeline (RHTAP) incorporating Developer Hub, a developer self-service portal based on Backstage, to standardize and expedite developer onboarding with golden path templates imbued with security guardrails.

In addition to the SDLC is also the MDLC (Model Development Lifecycle) where LLMs are served/managed by Red Hat OpenShift AI. These LLMs are then woven into an application. Offering self-service capabilities for Coders and Modelers.

Featured products in this demonstration include:

RHTAP = RHDH (developer self-service) + RHTAS (signature, attestation) + RHTPA (SBOM)

Within a large enterprise the time required for a newly hired app developer to become productive is often measured in weeks. In this demonstration, we are going to show you how to shrink those weeks down to minutes with a developer-optimized, self-service, Internal Development Platform (IDP) that pre-integrates software supply chain security practices from the moment of project inception.

This is the story of how Red Hat imbues your software supply chain with the content, templates, signatures, attestations, and SBOMs that accelerate your custom application development across the software development lifcycle of code, build, deploy and run. This is the story of how Red Hat empowers your Platform Engineering teams who then in turn super charge your custom application developers.

You might have heard the phrase "shift-left" as it relates to security practices. That phrase primarily focuses on the idea that security checks should not simply be executed manually (human-powered) and at the very end of the path-to-production pipeline but brought forward in time.

In this demonstration, we are going to see the ultimate of "shift-left" by introducing security checks at the point of code entry. We are also going to see "shift-down", injection of security practices from the moment of project creation, embodied by the golden path template, and fully integrated into the platform itself.

Remember the ultimate goal of a well managed platform-as-a-product (PaaP) is to serve its customers, and in the case of an IDP, that means the enterprise application development teams. The IDP can best serve its customers by dramatically lowering the developer’s cognitive load, allowing app devs to focus on the code that contributes to the next business outcome.

In this story, we are are going to hear about 3 major new ideas:

No tickets, no wait, let’s go

Please contact the RHTAP product team on https://redhat.enterprise.slack.com/archives/C06D1L9N6J3 [Slack] for assistance and to provide feedback related to these materials. (Note: Please open the link in a new tab)

Please give this demo a further 10 to 15 minutes to start up completely once the 'Running' status is displayed. Some of the OpenShift resources may not be immediately available.

Consider the following steps BEFORE sharing your screen with the audience. This allows the presenter to switch between the developer and platform engineer (PE) perspectives. During the majority of the presentation you are primarily within the developer perspective, focusing on Developer Hub as the primary user experience.

A super short video on the core value propositions of Backstage.

Click GitLab

Enter user1 and the password provided

Click Authorize

Enter an email address for Keycloak like user1@demo.redhat.com

Arriving at the Welcome screen

In a 2nd browser or Incognito browser, open up the tabs for the Platform Engineer (OpenShift Admin)