Red Hat Trusted Application Pipeline Demonstration

This demonstration takes the audience on a journey across the Software Development Lifecycle (SDLC), from code, to build, through continuous deployment and finally to running in production. An end-to-end DevSecOps CI/CD demonstration of Red Hat Trusted Application Pipeline (RHTAP) incorporating Developer Hub, a developer self-service portal based on Backstage, to standardize and expedite developer onboarding with golden path templates imbued with advanced security guardrails. RHTAP allows enterprises to identify and prevent malicious code from entering their software supply chain by automating key security capabilities such as: artifact signing, attestations, SLSA provenance and SBOMs (Software Bill of Materials). Reducing the developer onboarding time from weeks to minutes - no tickets, no waiting, all self-service. This demonstration incorporates Platform Engineering and Platform as a Product (PaaP) practices for offering a customized developer-facing self-service experience known as an Internal Developer Platform (IDP). We will be using Red Hat SSO for authentication and an in-cluster GitLab for source code management (SCM). This demonstration also includes Advanced Cluster Security (ACS) within the pipeline for CVE (common vulnerabilities and exposures), policy and yaml scanning to complete the DevSecOps story.

Featured Products:

  • Red Hat Trusted Application Pipeline

  • Red Hat Developer Hub

  • Red Hat Trusted Artifact Signer

  • Red Hat Trusted Profile Analyzer

  • Red Hat Advanced Cluster Security

  • Red Hat OpenShift Pipelines (Tekton)

  • Red Hat OpenShift GitOps (ArgoCD)

  • Red Hat Quay

  • Red Hat OpenShift Dev Spaces

  • Red Hat OpenShift

Please contact the RHTAP product team on Slack for assistance and to provide feedback related to these materials. https://redhat.enterprise.slack.com/archives/C06D1L9N6J3 (Note: Please open this link in a New Tab)

Throughout this demonstration, we aim to equip you with both the strategic understanding and the technical know-how to navigate and mitigate sophisticated cybersecurity threats.

It’s about setting new standards in container image security and integrity. It’s about the entire SDLC. It’s about developer experience and Dev, Sec and Ops collaborating harmoniously.

Let’s embark on this enlightening journey to safeguard our digital assets against the ever-evolving threats of the cyber world.