OpenShift Container Platform (OCP): Is a container orchestration platform based on Kubernetes that provides a robust environment for developing, deploying, and managing containerized applications. All the workshop components you are using today are running on OpenShift. To learn more about OpenShift follow this link: https://www.redhat.com/en/technologies/cloud-computing/openshift/container-platform.

Golden Path Template (GPT): Is a pre-configured template that provides a standardized approach to common development tasks within an organization. GPTs help developers create new components with ease, in an automated and self-service manner, while ensuring compliance with organizational policies and best practices. For a more in-depth explanation, check out the blog Raffaele Spazzoli: https://www.redhat.com/en/blog/designing-golden-paths.

Internal Developer Portal (IDP): Is a centralized platform within a company that provides developers with tools, resources, and information they need to build and deploy applications. Think of it as a one-stop shop for internal developers, streamlining access to APIs, documentation, and development environments. You can further learn about IDPs through this URL: https://internaldeveloperplatform.org/what-is-an-internal-developer-platform/.

Keycloak: Is an open-source identity and access management (IAM) tool from Red Hat. It centralizes user authentication, authorization, and single sign-on (SSO) for applications and services. Explore the Keycloak documentation for a deeper dive: https://www.keycloak.org/.

Red Hat Developer Hub (RHDH): Is an enterprise open-source platform by Red Hat for building developer portals. It streamlines development workflows by providing a unified environment with access to essential tools and resources. RHDH helps development teams collaborate more effectively and accelerate application delivery. Explore Red Hat Developer Hub documentation to learn more: https://developers.redhat.com/rhdh/overview.

RHDH plugins: Are pre-built software modules that integrate seamlessly with the RHDH platform. They provide additional features and functionalities beyond what’s offered by the core platform itself. These plugins can be categorized into two main types:

Community-Developed Plugins: A vibrant community of developers contributes a wide variety of plugins to the RHDH ecosystem. These plugins offer innovative features and cater to diverse needs. While not officially supported by Red Hat, many community plugins are well-maintained and can significantly enhance your development experience.

Checkout this link to find out more about available plugins: https://developers.redhat.com/rhdh/plugins.

Quarkus: Is a Kubernetes-native Java framework from Red Hat, designed for building cloud-native applications. It emphasizes speed, efficiency, and minimal resource consumption. Compared to traditional Java frameworks, Quarkus offers:

Explore the official Quarkus website for a deeper dive: https://quarkus.io/

Red Hat Quay: Is a container image registry offered by Red Hat for storing, managing, and securely distributing containerized applications. It acts as a central repository for developers to build, share, and deploy container images. Explore Red Hat Quay documentation to learn more about its features: https://access.redhat.com/products/red-hat-quay/.

Red Hat OpenShift GitOps: Is an operator offered by Red Hat that simplifies the deployment and management of Argo CD for GitOps workflows on OpenShift. Learn more about OpenShift GitOps: https://www.redhat.com/en/technologies/cloud-computing/openshift/gitops.

Red Hat OpenShift Pipelines: Is a cloud-native continuous integration and continuous delivery (CI/CD) solution built on Red Hat OpenShift. It utilizes Tekton, a Kubernetes-native framework, to automate deployments across various platforms (Kubernetes, serverless, VMs, etc.). You can read more about Red Hat OpenShift Pipelines through this blog: https://www.redhat.com/en/blog/introducing-openshift-pipelines.

Red Hat Trusted Artifact Signer (RHTAS): Is a self-managed, on-premise solution from Red Hat for cryptographically signing and verifying software artifacts throughout the software supply chain. Built on the open-source Sigstore project, RHTAS enhances the security and integrity of your software development process by verifying the authenticity and integrity of signed artifacts, ensuring they haven’t been tampered with during the supply chain. Read more about RHTAS in this blog: https://developers.redhat.com/blog/2023/11/15/announcing-red-hat-trusted-artifact-signer-rhtas-tech-preview#what_is_it_and_why_should_i_care_

Supply Chain Levels for Software Artifacts (SLSA): Is an open-source security framework developed by the Open Source Security Foundation (OpenSSF) to improve the integrity and security of software artifacts throughout the supply chain. Check out the official website for more details: https://slsa.dev/.

Red Hat Trusted Application Pipeline (RHTAP): Is a hosted and managed service from Red Hat designed to securely build, assemble, and deploy next-generation cloud-native applications. RHTAP emphasizes security throughout the software development lifecycle (SDLC) to deliver trust and integrity within your application supply chain. Learn more about RHTAP in this blog: https://developers.redhat.com/articles/2023/07/18/introduction-red-hat-trusted-application-pipeline#the_solution__red_hat_trusted_application_pipeline.

SigStore: Is an open-source project under the Linux Foundation, backed by organizations like Google, Red Hat, and Chainguard. It aims to revolutionize software supply chain security by providing a standardized approach to signing, verifying, and storing cryptographic evidence throughout the development lifecycle. SigStore offers a suite of tools and services that work together to create a verifiable chain of trust for software artifacts. Here is a quick overview of those tools:

Learn more about how Red Hat leverage the Sigstore project in this blog: https://www.redhat.com/en/blog/red-hat-openshift-and-sigstore.

Enterprise Contract (EC): Is a suite of tools designed to maintain software supply chain security. It focuses on container images and offers functionalities for:

GitSign: Is a tool that implements keyless signing for Git commits using the Sigstore project’s infrastructure. It allows developers to sign their commits with a valid OpenID Connect (OIDC) identity, eliminating the need for traditional GPG keys and complex key management. Read more about GitSign in this blog: https://medium.com/sigstore/introducing-gitsign-9fd3f1b682aa.

Cosign: Is a command-line tool developed by the Sigstore project that facilitates secure signing and verification of software artifacts, particularly container images and blobs used in software development pipelines. It offers a flexible and robust approach to securing the software supply chain. Read more about signing containers with Cosign here: https://docs.sigstore.dev/signing/signing_with_containers/.

Tekton Chains: Is a Kubernetes Custom Resource Definition (CRD) controller designed to manage security within the Tekton continuous integration and continuous delivery (CI/CD) framework. It plays a crucial role in securing the software supply chain by focusing on provenance, which refers to the detailed record of an artifact’s creation and history. Tekton Chains offers some powerful capabilities:

Helm Chart: Is a package that contains all the necessary information to deploy an application to a Kubernetes cluster. It includes Kubernetes manifests (e.g., Deployments, Services), configuration files, and templates. Learn more about Helm Charts here: https://helm.sh/docs/topics/charts/.

Red Hat Advanced Cluster Security (ACS): Is a platform designed to safeguard containerized applications deployed on Kubernetes clusters. It offers a comprehensive security solution that encompasses various aspects of the software supply chain, protecting your applications from various threats throughout their lifecycle. LEarn more about Red Hat Advanced Cluster Security (ACS) here: https://www.redhat.com/en/technologies/cloud-computing/openshift/advanced-cluster-security-kubernetes.