Conclusion and Next Steps

Congratulations! You’ve completed the Build secure streamlined developer workflows with Red Hat Advanced Developer Suite workshop.

What You’ve Learned

Throughout this workshop, you’ve gained hands-on experience with:

Established software composition trust by deploying Red Hat Trusted Profile Analyzer (RHTPA) and ingesting SBOMs to gain verifiable visibility into software components and vulnerabilities
Implemented cryptographic signing and verification by deploying Red Hat Trusted Artifact Signer (RHTAS) to enable keyless artifact signing, immutable provenance tracking, and tamper-evident transparency logs
Configured an Internal Developer Portal using Red Hat Developer Hub (RHDH) with GitOps, enabling SSO authentication, dynamic plugins, catalog discovery, and seamless developer workflows
Enforced policy-driven promotion by integrating Red Hat Advanced Cluster Security (RHACS) scanning, Enterprise Contract validation, and automated release governance to ensure only verified, compliant images reach production

You now have the skills to design, deploy, and operate a comprehensive trusted software supply chain that balances developer velocity with enterprise-grade security.

Key Takeaways

The most important concepts to remember:

Trust Must Be Verifiable, Not Assumed: Modern software delivery requires cryptographic proof of software composition (SBOMs), artifact integrity (signing), and build provenance (attestations). RHADS provides the infrastructure to make trust measurable and auditable across the entire supply chain.
Security Without Friction: Developers should not have to choose between speed and security. By embedding security capabilities into Golden Path templates and platform-managed workflows, RHADS ensures security is enforced by design while developers remain focused on delivering business value.
Policy-Driven Automation Scales Trust: Manual security checks do not scale. Enterprise Contract validation, automated SBOM ingestion, keyless signing via OIDC, and policy-based promotion ensure that every release is governed consistently, reducing risk while accelerating delivery.

Next Steps

Ready to continue your journey? Here are some recommended next steps:

Recommended Workshops

Explore related workshops to expand your skills:

Red Hat Demo Platform - Access additional RHADS workshops and demos
Red Hat Developer Learning Paths - Explore hands-on tutorials for OpenShift, DevSpaces, and cloud-native development

Documentation and Resources

Deepen your knowledge with these resources:

Practice Projects

Put your new skills to work:

Build a Custom Software Template: Create a Golden Path template for your organization’s technology stack, embedding SBOM generation, commit signing, image scanning, and Enterprise Contract validation into a repeatable, self-service workflow.
Implement Multi-Environment Promotion: Extend the workshop pipeline to include development, staging, and production environments with progressive Enterprise Contract policies that increase in strictness as artifacts move toward production.
Integrate with External Systems: Connect RHDH to your organization’s existing Git provider, container registry, identity provider, and CI/CD platform to demonstrate how RHADS fits into real-world enterprise environments.

References

This section consolidates all references used across the entire workshop.

Open Source Projects and Upstream Communities

Sigstore Project - Used in: Module 2 - Open-source project providing keyless signing, transparency, and verification (upstream for RHTAS)
Trustify Project - Used in: Module 1 - Upstream open-source project for SBOM ingestion and analysis (upstream for RHTPA)
GUAC Community - Used in: Module 1 - Graph for Understanding Artifact Composition community
Backstage - Used in: Module 3 - Upstream open-source developer portal platform created by Spotify (upstream for RHDH)
Conforma - Used in: Module 4 - Upstream open-source policy engine for supply chain verification (upstream for Enterprise Contract)

Developer Experience and Platform Engineering

Internal Developer Platform Overview - Used in: Module 3 - Comprehensive guide to IDP concepts and best practices
Devfile.io - Used in: Module 3 - Standard for defining cloud development environments as code
Backstage Scaffolder Documentation - Used in: Module 4 - Technical reference for software templates and Golden Paths

Share Your Feedback

Help us improve this workshop:

What did you find most valuable?
What could be improved?
What topics would you like to see covered in future workshops?

Thank You!

Thank you for participating in this workshop. We hope you found it valuable and informative.

For Consultants: You now have a reference architecture for deploying trusted software supply chain capabilities in customer environments, with concrete patterns for identity configuration, signing workflows, policy enforcement, and developer platform integration.

For Technical Sellers: You have seen how RHADS addresses the core customer challenges around software supply chain security and developer productivity, with a complete story arc from "we cannot verify our software components" to "only trusted, policy-compliant images reach production."

For Solutions Architects: You understand how RHTPA, RHTAS, RHDH, and RHACS integrate to form a cohesive platform that enables organizations to move fast while staying safe.

Keep building, keep learning! 🚀

Workshop: Build secure streamlined developer workflows with Red Hat Advanced Developer Suite
Completed: 2026-04-01
Platform: Red Hat Showroom