Red Hat SummitCe contenu n'est pas disponible dans la langue sélectionnée.
Chapter 1. What is RHTAP?
RHTAP is not just a secure CI/CD platform—it’s a transformative solution that enhances cybersecurity practices across your entire software development lifecycle (SDLC). By integrating security measures from inception to deployment, RHTAP accelerates developer onboarding, streamlines processes, and fortifies your applications against emerging threats.
1.1. Key Features
- Continuous Integration and Delivery (CI/CD): Automatically build, test, and deploy container images from your Git source code within a secure development environment.
- Ready-to-Use Templates: Kickstart your projects with pre-built, secure templates that you can customize, accelerating your time to production.
- Versatile Build Support: Build applications in popular languages like Java, Python, Node.js, Go, or npm into secure container images.
- Developer Portal Access: Utilize Red Hat Developer Hub as your self-service portal, streamlining development and integrating security best practices from the outset.
- Advanced Security Scanning: Identify vulnerabilities with each merge request, generate detailed Software Bills of Materials (SBOMs), and verify container image compliance against rigorous security standards.
Who Should Use RHTAP?
RHTAP is tailored for platform engineers, application developers, and security teams seeking a robust, secure solution for managing software supply chains. Whether setting up a new internal developer portal or enhancing existing CI/CD processes, RHTAP offers the tools and flexibility your organization needs to thrive.
How Does RHTAP Work?
RHTAP empowers organizations to secure and streamline their DevSecOps CI/CD workflows with a comprehensive suite of tools:
1.2. Secure Development from the Start
Once RHTAP is deployed, developers can access pre-built, secure templates within Red Hat Developer Hub, simplifying the creation of new applications. These templates provide a fully equipped environment, including a code repository, technical documentation, and a CI/CD pipeline.
1.3. Ongoing Security Throughout the Development Lifecycle
Every time source code is modified, RHTAP triggers a pipeline run that signs and attests each build artifact. The pipeline also performs rigorous vulnerability scans and automatically generates SBOMs, offering full transparency into your application’s components.
1.4. Review, Refine, and Release
As your application advances through various stages—development, staging, and production—RHTAP continuously enforces security standards through your Enterprise Contract (EC). This ensures that only container images meeting predefined quality and security criteria are released, with detailed reports guiding any necessary corrections.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}