Getting started with RHADS

Why Red Hat Advanced Developer Suite?

Organizations developing software face a critical dual challenge: the urgent need to move fast by integrating AI and boosting developer productivity, coupled with the imperative to stay safe amidst rising software supply chain threats. Top software engineering priorities include integrating AI and increasing developer productivity, yet organizations struggle with long onboarding times, inconsistent development environments, and a lack of automation, which impede their ability to accelerate innovation and reduce the average 7-day software development cycle time. Simultaneously, despite open-source components comprising around 90% of modern applications, the ecosystem has seen a 156% year-on-year increase in malicious packages, leading to an estimated $60 billion in damages in 2025 and demanding effective risk remediation. This complex environment, where speed cannot compromise security, necessitates an integrated and comprehensive platform engineering solution like Red Hat Advanced Developer Suite (RHADS) to balance these competing demands.

RHADS combines platform engineering tools with enhanced security capabilities to help accelerate and simplify application development with new enhancements to speed the adoption of AI:

Modular design allows it to be integrated with existing platforms and systems including Red Hat’s platforms
Integrates with existing security capabilities found in Red Hat Advanced Cluster Security
Complements existing developer tools from Red Hat including OpenShift Dev Spaces
Built on leading open source projects like Backstage and Sigstore

Architecture Overview

RHADS is not just a set of tools; it’s purpose-built for balancing speed and security, integrating into existing workflows. It combines platform engineering tools with enhanced security capabilities to accelerate and simplify application development.

The main components of RHADS are:

Red Hat Developer Hub (RHDH): An enterprise-grade, self-managed, and customizable internal developer portal built on Backstage.io. It acts as a central portal for templates, documentation, and tools, reducing cognitive load and setup time. It streamlines development workflows with automated software templates and self-service capabilities. RHDH’s plugin architecture allows for customized software templates and integrates with various tools and services.
Red Hat Trusted Artifact Signer (RHTAS): Provides a secure, transparent, and fully auditable signing and verification system. It ensures the integrity, authenticity, and provenance of software artifacts throughout the development and deployment lifecycle. RHTAS supports both keyless and key-based signing, simplifies signing using existing user identity (GitHub, Google, SSO), and maintains an immutable audit trail. It’s an enterprise-ready deployment of the Sigstore project. RHTAS also extends its signing and verification capabilities to AI models, improving security during the AI model development lifecycle.
Red Hat Trusted Profile Analyzer (RHTPA): Provides platform engineers, developers, and security teams with visibility and actionable insights into the risk profile (vulnerabilities, licenses) of their software supply chain across the entire SDLC. It leverages Software Bill of Materials (SBOM) management, open-source dependency risk analysis, and license tracking to detect vulnerabilities, malicious code, and compliance risks.

RHADS is enhanced by several free, complementary developer tools:

Podman Desktop: This free, open-source tool provides a GUI for local container and Kubernetes management, helping developers build, run, and deploy applications on their desktop and reducing "works on my machine" issues. It supports air-gapped installation and includes an AI Lab extension for AI experimentation. While a community project, it receives Cooperative Community Support for Red Hat customers, including those on ARO and ROSA.
Red Hat Migration Toolkit for Applications (MTA): This toolkit aids in modernizing legacy Java applications for container and cloud-native platforms, enabling assessment, refactoring, and migration with minimal disruption. It accelerates replatforming to OpenShift and will feature future AI integration with Developer Lightspeed for code generation to speed modernization based on static analysis.
Red Hat IDE Plugins: These plugins facilitate local coding by integrating Red Hat ecosystem technologies directly into popular Integrated Development Environments (IDEs), and connect IDEs to OpenShift clusters for direct access to resources.

These tools extend the OpenShift experience to developer desktops and complement RHADS’s features for increased productivity and security across hybrid and multi-cloud environments.

RHADS complements OpenShift:

It extends OpenShift’s capabilities "to the left of the SDLC".
It integrates seamlessly with various supported tools and offerings, including OpenShift Dev Spaces, OpenShift Pipelines, and OpenShift GitOps. This allows development teams to:
- Code, build, test, and debug directly from their browser, mirroring production environments without requiring local setup.
- Release more quickly and test features, also enabling automated testing for earlier bug detection and improved Mean Time To Resolution (MTTR). Customers can also integrate existing CI/CD solutions into Red Hat Developer Hub.
It also complements Red Hat Advanced Cluster Security for Kubernetes (ACS), which enforces security policies for containerized applications, ensuring only trusted artifacts run in the cluster.

The architecture aims to empower platform teams to define and curate trusted environments and tools, which developers then consume for accelerated, secure application delivery from development to production.

Typical RHADS deployment

RHADS is designed with a modular approach that allows it to be integrated seamlessly with a variety of supported tools and existing platforms and systems, including those already in use by customers. The following diagram shows a typical RHADS deployment, the components involved, and how they interact with each other.

Here is a summary of the components and their roles based on the diagram above.

Developer Productivity & End-User Self-Service

IDE (Red Hat OpenShift Dev Spaces, IntelliJ, VS Code, Podman Desktop)

Provides cloud-native development environments, enabling developers to code using familiar tools. These IDEs integrate with the Developer Portal and CI pipelines, allowing seamless transition from code to build. Podman Desktop is a lightweight, rootless, and Docker-compatible desktop GUI tool designed for developers to manage containers and Kubernetes locally, facilitating consistent development environments, experimentation with AI models via its AI Lab extension, and seamless integration with OpenShift.

Internal Developer Portal (Red Hat Developer Hub)

A centralized hub offering self-service templates, API documentation, component catalogs, and learning paths for developers. It also provides plugins to integrate with other tools and services including Red Hat OpenShift and a variety of 3rd party components. It connects developers with resources and tools across the development lifecycle, and enables team collaboration and knowledge sharing.

Version Control System (GitHub, GitLab, etc.)

Houses both application and platform source code, including policies and configurations. Feeds into CI pipelines and GitOps workflows, ensuring traceable and automated deployments.

Continuous Integration & Delivery (CI/CD)

CI/CD Tools (Tekton, GitLab Runners, Jenkins, GitHub Actions, Azure DevOps, etc.)

Automates building, testing, and integration of code changes. It pulls source code from version control and produces deployable artifacts. It also integrates with RHTAS to sign artifacts. RHADS is flexible enough to allow customers with other leading CI/CD solutions, such as Jenkins pipelines and GitHub Actions, to integrate them into Red Hat Developer Hub. This ensures that customers can continue to leverage their existing CI/CD investments.

Artifact Registry (Quay, JFrog, Nexus, etc.)

Stores and manages container images and other build artifacts such as SBOMs, VEX documents, and attestations. All artifacts are signed, scanned, and verified before deployment to ensure compliance and security.

Desired State

Defines the target application and platform configuration and image versions that the application platform should deploy and enforce. OpenShift GitOps (based on ArgoCD) then reconciles actual on-cluster state with this desired configuration to maintain consistency.

Secure Supply Chain

Early Risk/Compliance Analysis (Red Hat Trusted Profile Analyzer)

Analyzes Software Bills of Materials (SBOMs) and VEX documents to detect vulnerabilities early in the development cycle. Integrates with CI pipelines to inform developers of potential risks. It also integrates with OpenShift Dev Spaces to provide a unified view of the application’s security posture directly from the IDE.

Artifact Signing & Verification (Red Hat Trusted Artifact Signer)

Digitally signs and verifies artifacts, ensuring their integrity and provenance. Integrates with registries and GitOps tools to block untrusted content from being deployed.

Image/Deployment Scan (Red Hat Advanced Cluster Security)

Scans container images and runtime deployments for vulnerabilities and policy violations. Works with CI/CD pipelines and cluster environments to enforce security policies.

Application Platform

GitOps (OpenShift GitOps)

Automates application deployment and lifecycle management using Git repositories (the "Desired State") as the source of truth. Applies the desired state to clusters and continuously reconciles the actual on-cluster state with the desired state to maintain consistency.

Target Clusters (Red Hat OpenShift)

Kubernetes-based environments for running applications. Includes support for multi-cluster management through Red Hat Advanced Cluster Management.

Platform Services

Provides core operational capabilities including: - Service Mesh - Serverless - Builds and Pipelines - GitOps - Tracing - Observability - Logging - Cost Management

Cross-Cutting Concerns

Authentication / Authorization / Signing

Uses OpenID Connect providers like Red Hat build of Keycloak for secure identity and access management. Digital signing ensures trust across all pipeline stages. RHADS supports both keyless and key-based signing, using existing user identities like GitHub, Google, or SSO, and maintains an immutable audit trail for maximum transparency and trust.

Policy Enforcement

Policies are enforced from CI through runtime using signed artifacts, security scanning, and GitOps reconciliation. RHADS supports a variety of policies, including:

Vulnerability scanning
License compliance
SBOM compliance
Attestation verification
Image scanning

RHADS Install Options

RHADS is designed as an add-on offering for Red Hat OpenShift and Red Hat OpenShift Platform Plus. Additionally, using Red Hat Trusted Artifact Signer to sign artifacts on Red Hat Enterprise Linux (RHEL) is supported.

Deployment Locations: RHADS components can be deployed wherever OpenShift is deployed, including on Azure Red Hat OpenShift (ARO) and Red Hat OpenShift Service on AWS (ROSA). Crucially, RHADS can also be deployed on non-OpenShift Kubernetes platforms.
Managed Offering: It is not available as a managed offering; RHADS components are self-managed by the customer.
Bare Metal: RHADS can be sold on bare metal OpenShift clusters exclusively. For non-OpenShift clusters on bare metal, per-core and per-user options should be used.

RHADS component installation options

RHADS components and the complementary developer tools can be installed in a variety of ways to support local, disconnected, and cloud environments.

Deployment Type Features and Capabilities

Deployment Type	Features and Capabilities
Local (Developer Desktop) Install	Red Hat Developer Hub Local is a complementary feature of RHADS designed for local development and testing of Red Hat Developer Hub components, such as plugins and templates. It enables platform engineers to run RHDH directly on their local machines without the need for a full Kubernetes setup, simplifying development by allowing direct installation with Docker or Podman. Whether you need to validate the configuration of software catalogs, write and test TechDocs, or build RHDH dynamic plugins, RHDH Local simplifies the process, allowing you to iterate quickly and troubleshoot locally before deploying changes to a production system. Learn more Podman Desktop is designed for local development and explicitly supports air-gapped installation. It provides a graphical user interface (GUI) for managing containers and Kubernetes directly on a developer’s machine, allowing for building, running, and deploying containerized applications locally, thereby reducing "works on my machine" issues by ensuring consistent environments. Podman Desktop also includes an AI Lab extension for experimenting with AI locally. While a community project, it receives Cooperative Community Support for Red Hat customers, including those on managed OpenShift services like ARO and ROSA. Red Hat IDE Plugins enable local coding and integrate Red Hat ecosystem technologies directly into popular Integrated Development Environments.
Disconnected/Air-Gapped Environment deployments	Red Hat Developer Hub Supports fully and partially disconnected environments on OpenShift & xKS. If you are using a supported Kubernetes platform in a fully disconnected or partially disconnected environment, you can install Red Hat Developer Hub by using the Helm chart. Supported Kubernetes platforms include the following: Microsoft Azure Kubernetes Service Amazon Elastic Kubernetes Service Google Kubernetes Engine Handles Operator & Helm installations using `oc-mirror`. Requires access to a local image mirror. Includes a customizable script to mirror dependencies. Red Hat Trusted Artifact Signer Supports offline verification using a cloned TUF Trust Root. Validates against a trusted, local state of the transparency log. Ensures provenance and integrity without a live connection to Rekor’s servers. Red Hat Trusted Profile Analyzer Supports offline analysis of software profiles. Requires mirroring/cloning of Advisory and CVE data sources. Must be configured via its API to use the cloned data sources.
Self-Managed OpenShift and Managed OpenShift Cloud Services deployments	RHADS is designed as an add-on offering for Red Hat OpenShift and OpenShift Platform Plus and can be deployed wherever OpenShift is deployed, including on-premises, private cloud, and public cloud environments. RHADS can also be sold and deployed on bare metal OpenShift clusters exclusively. Furthermore, Red Hat Advanced Developer Suite can be deployed on non-OpenShift Kubernetes platforms, and customers can purchase it on a per-core or per-user basis for these environments.

Local (Developer Desktop) Install

Red Hat Developer Hub Local is a complementary feature of RHADS designed for local development and testing of Red Hat Developer Hub components, such as plugins and templates. It enables platform engineers to run RHDH directly on their local machines without the need for a full Kubernetes setup, simplifying development by allowing direct installation with Docker or Podman. Whether you need to validate the configuration of software catalogs, write and test TechDocs, or build RHDH dynamic plugins, RHDH Local simplifies the process, allowing you to iterate quickly and troubleshoot locally before deploying changes to a production system. Learn more
Podman Desktop is designed for local development and explicitly supports air-gapped installation. It provides a graphical user interface (GUI) for managing containers and Kubernetes directly on a developer’s machine, allowing for building, running, and deploying containerized applications locally, thereby reducing "works on my machine" issues by ensuring consistent environments. Podman Desktop also includes an AI Lab extension for experimenting with AI locally. While a community project, it receives Cooperative Community Support for Red Hat customers, including those on managed OpenShift services like ARO and ROSA.
Red Hat IDE Plugins enable local coding and integrate Red Hat ecosystem technologies directly into popular Integrated Development Environments.

Disconnected/Air-Gapped Environment deployments

Red Hat Developer Hub

Supports fully and partially disconnected environments on OpenShift & xKS.
- If you are using a supported Kubernetes platform in a fully disconnected or partially disconnected environment, you can install Red Hat Developer Hub by using the Helm chart. Supported Kubernetes platforms include the following:
- Microsoft Azure Kubernetes Service
- Amazon Elastic Kubernetes Service
- Google Kubernetes Engine
Handles Operator & Helm installations using oc-mirror.
Requires access to a local image mirror.
Includes a customizable script to mirror dependencies.

Red Hat Trusted Artifact Signer

Supports offline verification using a cloned TUF Trust Root.
Validates against a trusted, local state of the transparency log.
Ensures provenance and integrity without a live connection to Rekor’s servers.

Red Hat Trusted Profile Analyzer

Supports offline analysis of software profiles.
Requires mirroring/cloning of Advisory and CVE data sources.
Must be configured via its API to use the cloned data sources.

Self-Managed OpenShift and Managed OpenShift Cloud Services deployments

RHADS is designed as an add-on offering for Red Hat OpenShift and OpenShift Platform Plus and can be deployed wherever OpenShift is deployed, including on-premises, private cloud, and public cloud environments.
RHADS can also be sold and deployed on bare metal OpenShift clusters exclusively.
Furthermore, Red Hat Advanced Developer Suite can be deployed on non-OpenShift Kubernetes platforms, and customers can purchase it on a per-core or per-user basis for these environments.

In essence, RHADS provides a robust framework that supports developers whether they prefer cloud-based environments, local container development, or integrated IDE experiences, all while embedding security and streamlining workflows.