The IronBank (also known as the DoD Centralized Artifacts Repository) is a collection of signed container images for both open source and commercial software (COTS). The IronBank repository is part of the overall US Department of Defense Platform One Products and Services, specifically the Customer DevSecOps Platform (DSOP).
These IronBank containers are hardened according to the Container Hardening Guide and are accredited for use across departments of the DoD. GrammaTech already has an IronBank container ready and approved for deployment. Containerized development environments make tool deployment more secure and quick to deploy but also easier to maintain and keep uniform across the organization.
The demonstration in the video below illustrates how versatile containers can be. In the example shows how the CodeSonar container can be used with Wind River VxWorks real time operating system (RTOS) development environment. The demonstration shows just how easy it is to deploy SAST into your development environment and get immediate feedback on code quality and security. This sort of software pipeline integration helps accelerate DevSecOps by reducing the number of vulnerabilities introduced into the software right at the point the code is written.