Trusted Software Factory

Trusted Software Factory (TSF) is a deployable instance of Konflux that brings a secure software supply chain to your OpenShift Container Platform cluster. TSF integrates Konflux with Red Hat Trusted Artifact Signer and Red Hat Trusted Profile Analyzer to provide end-to-end build, sign, and verify workflows for container images.

What TSF provides

  • Secure build pipelines — Tekton-based CI/CD pipelines that produce signed container images with SLSA Level 3 provenance.

  • Artifact signing — Automatic cryptographic signing of container images using Red Hat Trusted Artifact Signer (Fulcio, Rekor, TUF).

  • Software bill of materials — SBOM generation and vulnerability analysis through Red Hat Trusted Profile Analyzer.

  • Identity management — Red Hat build of Keycloak for single sign-on and access control.

  • Container registry integration — Push built images to your Quay organization with automatic repository creation.

Get started

Follow these guides in order to install and use TSF:

  1. Preparing to install TSF — Verify cluster requirements, set up accounts, and prepare credentials.

  2. Installing TSF — Start the installer, configure integrations, and deploy all services.

  3. Verifying and accessing TSF — Access the Konflux UI and review deployed components.

  4. Getting started with TSF — Onboard your first application and verify the secure build pipeline.

If you encounter issues during installation, see Troubleshooting TSF installation.