Trusted Software Factory Workshop

Welcome to the Trusted Software Factory (TSF) workshop!

What you’ll learn

In this workshop, you will learn how to deploy and use Trusted Software Factory, a secure software supply chain solution for OpenShift Container Platform. By the end of this workshop, you will be able to:

  • Access the Konflux UI

  • Build, sign, and verify your first container image with SLSA Level 3 provenance

  • Understand how TSF integrates Red Hat Trusted Artifact Signer for cryptographic signing

  • Generate and analyze Software Bills of Materials (SBOM) with Red Hat Trusted Profile Analyzer

Who this is for

This workshop is designed for platform engineers, DevSecOps practitioners, and developers who want to implement secure software supply chain practices on OpenShift Container Platform. You should have:

  • Basic knowledge of OpenShift Container Platform and Kubernetes concepts

  • Familiarity with CI/CD pipelines (Tekton)

  • Understanding of container images and registries

  • Experience with GitHub/GitLab workflows

What is Trusted Software Factory?

Trusted Software Factory is a deployable instance of Konflux that brings a complete secure software supply chain to your OpenShift Container Platform cluster. It integrates multiple Red Hat technologies to enable:

  • Secure build pipelines — Tekton-based CI/CD that generates signed container images with SLSA Level 3 provenance

  • Artifact signing — Automatic cryptographic signing using Red Hat Trusted Artifact Signer

  • Software bill of materials — SBOM generation with vulnerability scanning

  • Identity management — Keycloak-based authentication and access control

  • Container registry integration — Automated deployment to Quay

Prerequisites

Before starting this workshop, you should have access to:

  • OpenShift Container Platform cluster running version 4.20 or later (3+ nodes, not SNO)

  • Cluster-admin privileges

  • The self-hosted Quay instance running on the cluster

  • The self-hosted GitLab instance running on the cluster

  • Local workstation with:

    • oc CLI installed

    • Podman installed (Docker not supported)

Workshop environment

This workshop uses a dedicated OpenShift Container Platform cluster. Use this cluster to build and release your first secure application

Access your cluster console at: https://console-openshift-console.apps.cluster-abc123.ocpv00.rhdp.net

Let’s get started!

Click on the next section to begin learning about Trusted Software Factory and preparing for installation.