Lab 3: Deploy TSSC Components

Overview

Deploy the Trusted Software Supply Chain (TSSC) components piece by piece onto your OpenShift cluster. TSSC provides cryptographic signing, attestation, and vulnerability analysis to secure your software delivery process.

The exercises in Day 3 use the existing Red Hat Advanced Developer Suite (RHADS) TL3 enablement content. You will provision a dedicated lab environment and complete selected modules that cover TPA and TAS setup.

Provision the TL3 Lab Environment

Order the Product Enablement: Red Hat Advanced Developer Suite (TL3) from the Red Hat Demo Platform catalog.

Provisioning can take up to 60 minutes. Order your environment early so it is ready when you reach Day 3.

Once provisioned you will receive an email with credentials and access instructions for the TL3 lab environment. You will complete a specific set of modules using the lab environment, outlined below.

Architecture

The TSSC architecture consists of the following components:

  • Trusted Artifact Signer (TAS) — Provides keyless code signing using Sigstore (cosign, Fulcio, Rekor)

  • Trusted Profile Analyzer (TPA) — Analyzes SBOMs and vulnerability data to produce trust profiles for software artifacts

Deploy TPA (Module 3)

Complete Module 3: Setup Trusted Profile Analyzer in the TL3 lab.

This module walks you through deploying and configuring TPA on OpenShift, including:

  • Installing the TPA operator

  • Configuring the TPA instance

  • Verifying the deployment

Deploy TAS (Module 4)

Complete Module 4: Setup Trusted Artifact Signer in the TL3 lab.

This module covers deploying TAS on OpenShift, including:

  • Installing the TAS operator

  • Configuring Fulcio, Rekor, and cosign

  • Verifying the deployment

Next Steps

With both TPA and TAS deployed, proceed to Trusted Artifact Signer (TAS) Exercises.