红帽全球峰会此内容没有您所选择的语言版本。
Chapter 1. Overview
Red Hat Advanced Developer Suite (RHADS) is a DevSecOps framework that integrates security from project inception to production. It reduces security risks in continuous integration and continuous delivery (CI/CD) pipelines by embedding security checks, ensuring artifact integrity, and enabling compliance with standards such as Supply chain Levels for Software Artifacts (SLSA).
RHADS was previously known as Red Hat Trusted Application Pipeline. Starting with version 1.6, it became part of a new Red Hat offering Red Hat Advanced Developer Suite.
1.1. Key features
Red Hat Advanced Developer Suite provides a comprehensive set of features to secure your software supply chain, from templates you can tailor to your workflow to automated compliance and policy enforcement.
- Customizable templates: Start projects quickly with customizable templates that include established security practices. Reduce setup time and focus on delivering secure software sooner.
- Secure CI/CD pipelines: Build, test, and deploy container images securely using pre-configured pipelines integrated with your Git repository. Apply security measures at every stage to reduce risks before code reaches production.
- Integrated security checks: Detect and address potential vulnerabilities with detailed insights to help understand the potential threats.
- SBOM management: Automatically generate a Software Bill of Materials (SBOM) for each pipeline. Sign attestations and maintain a clear record of component origins, ensuring traceability and compliance throughout the software life cycle.
- Tamper-proof artifact signing: Apply cryptographic signatures to code submissions and related artifacts. Maintain an immutable log of build and deployment activities to preserve trust and integrity.
- Compliance and policy enforcement: Comply with standards such as Supply chain Levels for Software Artifacts (SLSA) Level 3 and enterprise requirements. Configure approval gates, run vulnerability scans, and enforce policies so only verified, compliant artifacts move forward.
1.2. Integrated technologies
Red Hat Advanced Developer Suite (RHADS) integrates with industry-leading platforms and tools:
| Component or Technology | Description |
|---|---|
| Red Hat Developer Hub (RHDH) | A self-service portal that streamlines development and integrates security best practices from the get-go. |
| Red Hat Trusted Artifact Signer (RHTAS) | Enhances software integrity through signature and attestation, ensuring all artifacts are secure and authentic. |
| Red Hat Trusted Profile Analyzer (RHTPA) | Automates the creation and management of SBOMs, providing transparency and compliance in your software supply chain. |
| Red Hat Advanced Cluster Security (RHACS) | Automates the scanning of artifacts for vulnerabilities. |
| OpenShift GitOps | Automates application deployment and lifecycle management, ensuring consistent versions of app definitions, configurations, and environments. |
| OpenShift Pipelines | Automates the CI/CD processes with visibility and control over build, test, and deployment workflows. |
1.3. Configuration options
Red Hat Advanced Developer Suite allows flexibility in CI/CD management, source repositories, and artifact registries:
| Category | Options |
|---|---|
| CI/CD pipelines |
Note All CI pipelines except Tekton conform to SLSA Build L2. Tekton conforms to Build L3. |
| Source repositories |
|
| Artifact registries |
|
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}