About Red Hat Advanced Developer Suite - software supply chain
Learn how to secure your software development lifecycle with Red Hat Advanced Developer Suite - software supply chain.
Abstract
Preface
Red Hat Advanced Developer Suite - software supply chain (RHADS - SSC) is a comprehensive suite of tools designed to enhance and secure the software supply chain for developers and DevOps teams.
Securing your software supply chain is critical to prevent software vulnerabilities. RHADS - SSC embeds security throughout the software development lifecycle (SDLC), enabling teams to innovate confidently while adhering to the highest security standards.
Chapter 1. Overview
Red Hat Advanced Developer Suite (RHADS) was previously known as Red Hat Trusted Application Pipeline. Starting with version 1.6, it became part of a new Red Hat offering, Red Hat Advanced Developer Suite.
RHADS is a DevSecOps framework that integrates security from project inception to production. It reduces security risks in continuous integration/continuous delivery (CI/CD) pipelines by embedding security checks, ensuring artifact integrity, and enabling compliance with standards such as Supply chain Levels for Software Artifacts (SLSA).
1.1. Key features
- Ready-to-use templates: Start projects quickly with customizable templates that include established security practices. Reduce setup time and focus on delivering secure software sooner.
- Secure CI/CD pipelines: Build, test, and deploy container images securely using pre-configured pipelines integrated with your Git repository. Apply security measures at every stage to reduce risks before code reaches production.
- Integrated security checks: Detect and address potential vulnerabilities, with detailed insights that help you understand the potential threats.
- SBOM management: Automatically generate a Software Bill of Materials (SBOM) for each pipeline. Sign attestations and maintain a clear record of component origins, ensuring traceability and compliance throughout the software life cycle.
- Tamper-proof artifact signing: Apply cryptographic signatures to code submissions and related artifacts. Maintain an immutable log of build and deployment activities to preserve trust and integrity.
- Compliance and policy enforcement: Comply with standards such as Supply chain Levels for Software Artifacts (SLSA) Level 3 and enterprise requirements. Configure approval gates, run vulnerability scans, and enforce policies so only verified, compliant artifacts move forward.
1.2. Integrated technologies
Red Hat Advanced Developer Suite (RHADS) integrates with industry-leading platforms and tools:
| Component or Technology | Description |
|---|---|
| Red Hat Developer Hub (RHDH) | A self-service portal that streamlines development and integrates security best practices from the get-go. |
| Red Hat Trusted Artifact Signer (RHTAS) | Enhances software integrity through signature and attestation, ensuring all artifacts are secure and authentic. |
| Red Hat Trusted Profile Analyzer (RHTPA) | Automates the creation and management of SBOMs, providing transparency and compliance in your software supply chain. |
| Red Hat Advanced Cluster Security (RHACS) | Automates the scanning of artifacts for vulnerabilities. |
| OpenShift GitOps | Automates application deployment and lifecycle management, ensuring consistent versions of app definitions, configurations, and environments. |
| OpenShift Pipelines | Automates the CI/CD processes with visibility and control over build, test, and deployment workflows. |
1.3. Configuration options
Red Hat Advanced Developer Suite allows flexibility in CI/CD management, source repositories, and artifact registries:
| Category | Options |
|---|---|
| CI/CD pipelines | Note: All CI pipelines except Tekton conform to SLSA Build L2. Tekton conforms to Build L3. |
| Source repositories | |
| Artifact registries | |
Chapter 2. Development workflow
Red Hat Advanced Developer Suite (RHADS) integrates security at every step of the DevSecOps workflow:
- Start with secure templates: Leverage pre-built templates from RHDH for a secure foundation. These templates include code repositories, documentation, and pre-configured CI/CD pipelines.
- Develop and modify code: Modify your code after creating the application. Each code change triggers a pipeline that automatically performs security checks, including artifact signing, vulnerability scanning, and SBOM generation.
- OpenShift GitOps driven deployment: RHADS enforces security policies throughout the development lifecycle, from development to production, using Conforma. This ensures that only compliant builds are deployed.
Revised on 2025-09-24 19:12:30 UTC