4 min

Red Hat is hosting its annual summit in Boston this week, announcing numerous new solutions there. Two of them focus on software development, with the Red Hat Developer Hub (Backstage) primarily intended to provide more overview and the Red Hat Trusted Software Supply Chain intended to make software development more secure and reliable.

As far as we are concerned, the Red Hat Developer Hub is the most appealing product. To sum it up briefly, the Red Hat Developer Hub is the commercial-supported version of Spotify’s Backstage. Organizations using Backstage still rely on community forums if they encounter problems. With the Developer Hub they can also get more premium (paid) support.

Also read: Red Hat unveils Enterprise Linux 9.2, sporting many new features

Red Hat Developer Hub = Spotify Backstage

Several months ago, it was already clear that Red Hat was actively participating in Backstage, making it increasingly likely that Red Hat would build a commercial product around it. It means Backstage will get more innovation and Red Hat will offer support on the solution. Red Hat is putting some of its development capacity into taking Backstage to the next level. In the core of Backstage, Red Hat is making several improvements to make the product more mature and run better. All that code is donated to the open-source community, so even if you don’t want to pay for Backstage, you do get a better product, thanks in part to Red Hat.

For those unfamiliar with Backstage, it is a developer portal where all an organisation’s developers can manage and monitor their projects. The different infrastructure platforms the organisation uses can be uniformly offered to developers through this platform. They can therefore create, manage, monitor and deploy all the infrastructure services they need from this platform, regardless of where they are running. In addition, developers can document their projects here so that colleagues in turn can more easily use the built solution or APIs. It provides more visibility into the many development projects and infrastructure an organization uses. It also provides a piece of governance and compliance that many organisations seek.


One of the most significant improvements coming is the on-the-fly addition and removal of plugins. Currently, to do this, you have to recompile the entire environment to catch any dependencies; soon you won’t have to. That is one of the major stumbling blocks of Backstage that Red Hat will solve.

In addition, Red Hat is working on making available all kinds of best practices on how best to set up Backstage for certain types of projects. By doing so, it hopes to help organizations get started faster.

Backstage was developed by Spotify, then made open source and donated to the CNCF. The CNCF now has this project under its management to grow it further. Just as it manages Kubernetes and many other projects. For Red Hat, the fact that the CNCF is monitoring the project’s oversight is probably also one of the reasons it started supporting Backstage.

The official availability of Red Hat Developer Hub is still unclear, it has now been announced, expected to be available later this year.

Red Hat Trusted Software Supply Chain

With Red Hat Trusted Software Suply Chain, Red Hat wants to try to add a piece of security already during the development process. Research shows that 75% of application code today is open-source code. However, these components are under pressure as cyber attacks on the software supply chain only increase. Therefore, organizations would like to add some security during the development process. On the one hand, this is actively scanning code that is being programmed, but on the other hand, verifying packages and libraries that are added to a development project. Active verification in the CI/CD pipeline can be done with Red Hat Trusted Application Pipeline.

Red Hat has a database of thousands of trusted packages for Red Hat Enterprise Linux only, in addition, it also has a catalog of software and libraries for critical application runtimes for Java, Node and Python systems. This is called Red Hat Trusted Content. This service can provide all of this software and packages, guaranteeing they are secure. This is what is called enterprise-hardened trusted content. These are all checked and verified that there are no backdoors or other security vulnerabilities in them. Such a product was developed in the past with the U.S. government to provide the government with secure packages. Now it is available to everyone.

The solutions under the Red Hat Trusted Software Supply Chain should become available soon.