Merged
18 changes: 18 additions & 0 deletions content/patterns/layered-zero-trust/_index.adoc
Expand Up @@ -67,6 +67,8 @@ The solution integrates many Red{nbsp}Hat components to offer:
* Identity and access management by using the Red{nbsp}Hat build of Keycloak (RHBK).
* Certificate management for secure communications.
* External secret management integration.
* Cryptographic signing and verification.
* SBOM vulnerability analysis.

[id="architecture"]
=== Architecture
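Review bot: The two added bullets, "Cryptographic signing and verification." and "SBOM vulnerability analysis.", do not say what is signed or which component provides the capability, while the first bullet in this list names RHBK. Consider wording such as "Cryptographic signing and verification of software artifacts and container images by using Red{nbsp}Hat Trusted Artifact Signer (RHTAS)." and the equivalent for RHTPA, so the overview lines up with the component entries this patch adds further down.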
Expand Down Expand Up @@ -94,6 +96,18 @@ The pattern consists of the following key components:
* link:https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.14[{rh-rhacm-first}]
** Provides a management control plane in multi-cluster scenarios.

* link:https://docs.redhat.com/en/documentation/red_hat_quay/3.15[Red{nbsp}Hat Quay]
** Enables a private repository for OCI images within the environment.

* link:https://docs.redhat.com/en/documentation/red_hat_openshift_container_storage/4.8/html/managing_hybrid_and_multicloud_resources/index[Multicloud Object Gateway]
** Provides an object storage service for {ocp}.

* link:https://docs.redhat.com/en/documentation/red_hat_trusted_artifact_signer/1.3[Red{nbsp}Hat Trusted Artifact Signer (RHTAS)]
** Provides cryptographic signing and verification of software artifacts and container images.

* link:https://docs.redhat.com/es/documentation/red_hat_trusted_profile_analyzer/2.2[Red{nbsp}Hat Trusted Profile Analyzer (RHTPA)]
** Provides the storage and management means for _Software Bill of Materials_ (SBOMs), with cross-referencing capabilities between SBOMs and CVEs/Security Advisories.

[id="sidecar-pattern"]
==== Sidecar pattern

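Review bot: The RHTPA link in the last added entry points at the Spanish locale (`docs.redhat.com/es/documentation/red_hat_trusted_profile_analyzer/2.2`), while every other link in this list uses `/en/`; change it to `/en/`. The Multicloud Object Gateway link also differs from its neighbours: it deep-links into the 4.8 documentation set under `red_hat_openshift_container_storage` rather than to a product landing page, so please confirm that this is the version the pattern actually deploys.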
Expand Down Expand Up @@ -127,3 +141,7 @@ The following technologies are used in this solution:
* *Compliance Operator*: Provides ability to scan and remediate cluster hardening based on profiles
* *QTodo application*: Serves as a sample Quarkus-based application to show zero trust principles.
* *PostgreSQL database*: Provides the backend database for the demonstration application.
* *Multicloud Object Gateway*: Lightweight object storage service for {ocp}. Used by Quay for the storage of binary blobs.
* *Red{nbsp}Hat Quay*: Private registry for OCI images.
* *Red{nbsp}Hat Trusted Artifact Signer*: Facilitates signing and verification of software artifacts.
* *Red{nbsp}Hat Trusted Profile Analyzer*: Enables SBOM file analysis and vulnerability detection.
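Review bot: The Multicloud Object Gateway and Red{nbsp}Hat Quay entries are noun phrases ("Lightweight object storage service for {ocp}.", "Private registry for OCI images."), while the surrounding entries start with a verb ("Provides", "Serves"); reword them to match, for example "Provides a private registry for OCI images." The fact that Quay stores its binary blobs in the Multicloud Object Gateway appears only in this list, so consider stating that dependency in the key components section as well.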