Add exercise 7 and tidy up links.

2024-11-08 10:25:30 +13:00
parent ef78bbdfe9
commit 7947702050
7 changed files with 70 additions and 8 deletions


@ -92,7 +92,7 @@ Documentation you may find helpful is:
If your pair session with Angie has finished and the hub cluster is secured please post in `#event-anz-ocp-security-hackathon` with the message:
> Please review [team name] solution for exercise 2.
> Please review [team name] solution for exercise 2, we have laid the foundations for cluster security.
This exercise is worth `25` points. The event team will reply in slack to confirm your updated team total score 🎉


@ -35,7 +35,7 @@ You confirm the required mode with Angie & Brent as `Full` and then run the `oc
Documentation you may find helpful is:
- https://docs.openshift.com/container-platform/4.16/networking/network_security/configuring-ipsec-ovn.html
- https://docs.openshift.com/container-platform/4.17/networking/network_security/configuring-ipsec-ovn.html
## 3.2 - Observing cluster network rollout


@ -10,7 +10,7 @@ summary: "Let's apply an industry benchmark!"
The first two days of the consulting engagement at ACME have whirled by. You're working remotely today for day three and are pairing up with Melissa from the banks compliance squad.
On the agenda today is to harden the `prd-acme-hub` cluster by understanding and remediating compliance against the [NIST 800-53 benchmark](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf).
On the agenda today is to harden the `prd-acme-hub` cluster by understanding and remediating compliance against the [NIST 800-53 moderate benchmark](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf).
The bank must comply with this specific benchmark to meet the requirements of their regulation legislation known as APRA (ACME Penny Regulation Act, 1998).
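Review bot: the `+` line now names the NIST 800-53 moderate baseline, but the link still points at the full SP 800-53r5 control catalogue (`NIST.SP.800-53r5.pdf`); either link the document that defines the control baselines (SP 800-53B) or keep this link and tell teams which Compliance Operator profile implements that baseline (the `ocp4-moderate` profile), so the reference and the scan target in 5.2 line up. While here, the unchanged context line has a typo worth fixing in the same commit: `the banks compliance squad` should be `the bank's compliance squad`.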
@ -21,13 +21,13 @@ The bank must comply with this specific benchmark to meet the requirements of th
Youre got an upcoming Microsoft Skype for Business™ video call with Melissa in 30 minutes to show her how compliant the cluster is currently.
Time to quickly get the [OpenShift Compliance Operator](https://docs.openshift.com/container-platform/4.16//security/compliance_operator/co-overview.html) installed and run a scan via Red Hat Advanced Cluster Security. Better hurry!
Time to quickly get the [OpenShift Compliance Operator](https://docs.openshift.com/container-platform/4.17//security/compliance_operator/co-overview.html) installed and run a scan via Red Hat Advanced Cluster Security. Better hurry!
As with last time, to limit PTSD induced panic attacks among the ACME platform team the operator must be set to update mode `Manual`.
Documentation you may find helpful is:
- https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/security_and_compliance/compliance-operator#installing-compliance-operator-web-console_compliance-operator-installation
- https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/security_and_compliance/compliance-operator#installing-compliance-operator-web-console_compliance-operator-installation
## 5.2 - Scheduling a compliance scan
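Review bot: the first `+` line keeps a doubled slash in the path (`4.17//security/compliance_operator/co-overview.html`), which a commit titled "tidy up links" should drop; the docs.redhat.com link on the second `+` line has a single slash, so only the docs.openshift.com form is affected. Also in the unchanged context: `Youre got an upcoming` should read `You've got an upcoming`.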
@ -55,14 +55,14 @@ To demonstrate to her how the compliance operator can make automated remediation
Documentation you may find helpful is:
- https://docs.openshift.com/container-platform/4.16//security/compliance_operator/co-scans/compliance-operator-remediation.html#compliance-applying_compliance-remediation
- https://docs.openshift.com/container-platform/4.17//security/compliance_operator/co-scans/compliance-operator-remediation.html#compliance-applying_compliance-remediation
## 5.4 - Check your work
If you've successfully run the compliance scan and remediated the compliance issue to show Melissa how things work please post in `#event-anz-ocp-security-hackathon` with the message:
> Please review [team name] solution for exercise 5, our cluster is now [percentage] compliant against NIST 800-53 at a cluster level.
> Please review [team name] solution for exercise 5, our cluster is now [percentage] compliant against NIST 800-53 moderate at a cluster level.
This exercise is worth `25` points. The event team will reply in slack to confirm your updated team total score 🎉
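Review bot: the first `+` line carries the same doubled slash (`4.17//security/compliance_operator/co-scans/...`) as the previous hunk; remove the extra `/` so the remediation link matches the single-slash form used for the docs.redhat.com links.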


@ -32,7 +32,7 @@ The namespace Angie needs to query is `prd-acme-experimental`, can you track dow
Documentation you may find helpful is:
- https://docs.openshift.com/container-platform/4.16/security/audit-log-view.html
- https://docs.openshift.com/container-platform/4.17/security/audit-log-view.html
## 6.2 - Removing the culprit


@ -0,0 +1,62 @@
---
title: Bonus challenge - Supply chain shmozzle
exercise: 7
date: '2024-11-08'
tags: ['openshift','supply chain','rhtas']
draft: false
authors: ['default']
summary: "Time to sign your life away..."
---
Whew - it's the last day of this weeks scheduled engagement 🥱. Tomorrow you're on leave to play the new Factorio Space Age expansion and you can't wait!
Brushing aside thoughts of grandiose video game factories you review the task list for today. Top of the list is ironically a core component of software factories, addressing a supply chain security requirement from Brent about introducing capability to sign artifacts on premises.
As part of the $5m AUD deal the sales team included [Red Hat Trusted Artifact Signer (RHTAS)](https://access.redhat.com/products/red-hat-trusted-artifact-signer) to enhance software supply chain security by simplifying cryptographic signing and verifying of software artifacts, such as container images, binaries, and Git commits.
Brent is keen to get this up and running ASAP as the bank have planned to implement this capability for the prior 6 years in various forms, but always been "busy" with other things.
Nothing to it but to do it!
## 7.1 - Deploy the signing platform
Brent's JIRA ticket explains that the signing platform should be deployed to the `prd-acme-rhtas` namespace on the production cluster.
> **Note** Teams are free to use any OIDC provider from the options of Red Hat Single Sign-on (SSO), Google, Amazon Secure Token Service (STS), or GitHub.
<Zoom>
|![rhtas](/static/images/security/rhtas.png) |
|:-----------------------------------------------------------------------------:|
| *Installing the Red Hat Trusted Artifact Signer operator* |
</Zoom>
Documentation you may find helpful is:
- https://docs.redhat.com/en/documentation/red_hat_trusted_artifact_signer/1/html-single/deployment_guide/index#installing-trusted-artifact-signer-using-the-operator-lifecycle-manager_deploy
- https://developers.redhat.com/learning/learn:install-sign-verify-using-red-hat-trusted-artifact-signer/resource/resources:install-and-deploy-red-hat-trusted-artifact-signer
## 7.2 - Sign a container image
To test the platform out you join a quick call with Brent to walk him through how to sign a local container image with `cosign` and then inspect the hash in the Rekor web interface.
<Zoom>
|![rekor](/static/images/security/rekor.png) |
|:-----------------------------------------------------------------------------:|
| *Searching for a record in Rekor* |
</Zoom>
Documentation you may find helpful is:
- https://docs.redhat.com/en/documentation/red_hat_trusted_artifact_signer/1/html-single/deployment_guide/index#signing-and-verifying-containers-by-using-cosign-from-the-command-line-interface_deploy
## 7.3 - Check your work
If you've successfully deployed a secure signing platform and showed Brent how it worked please post in `#event-anz-ocp-security-hackathon` with the message:
> Please review [team name] solution for exercise 7, our Rekor record is <url>.
This exercise is worth `25` points. The event team will reply in slack to confirm your updated team total score. Congratulations if you have reached this point you have completed the entire hackathon! 🎉
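Review bot: the OIDC provider note in 7.1 expands STS as `Amazon Secure Token Service`; the AWS service is the Security Token Service, so the expansion should be corrected. Further points on the new file: 7.1 deploys to `the production cluster`, while exercise 5 names it `prd-acme-hub`, so naming the cluster here keeps the exercises consistent. 7.2 asks teams to sign an image and look up the entry in Rekor but never to run the verification step, even though the linked deployment guide section covers both signing and verifying with `cosign`; adding a `cosign verify` step would show that the signature actually resolves to the Rekor record submitted in 7.3. The 7.3 message template uses `<url>` where the other exercises use square-bracket placeholders such as `[team name]` and `[percentage]`; `[rekor url]` would match. Minor text fixes: `this weeks scheduled engagement` should be `this week's`, `the bank have planned to implement this capability for the prior 6 years` reads better as `the bank has been planning to implement this capability for the past 6 years`, and the closing sentence needs punctuation: `Congratulations, if you have reached this point you have completed the entire hackathon!`.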