GrammaTech IronBank Container for CodeSonar and Wind River VxWorks

The IronBank (also known as the DoD Centralized Artifacts Repository) is a collection of signed container images for both open source and commercial software (COTS). The IronBank repository is part of the overall US Department of Defense Platform One Products and Services, specifically the Customer DevSecOps Platform (DSOP).

These IronBank containers are hardened according to the Container Hardening Guide and are accredited for use across departments of the DoD. GrammaTech already has an IronBank container ready and approved for deployment. Containerized development environments make tool deployment more secure and quick to deploy but also easier to maintain and keep uniform across the organization.

The demonstration in the video below illustrates how versatile containers can be. In the example shows how the CodeSonar container can be used with Wind River VxWorks real time operating system (RTOS) development environment. The demonstration shows just how easy it is to deploy SAST into your development environment and get immediate feedback on code quality and security. This sort of software pipeline integration helps accelerate DevSecOps by reducing the number of vulnerabilities introduced into the software right at the point the code is written.

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

GrammaTech Resource Library
Welcome to GrammaTech's resource library. Here you will find useful information about software development in the IoT era, where devices must not only function with impeccable quality and safety but also remain resilient to cyber attacks.
Shift Left Academy
Shift Left Academy is an educational resource to help implement a security first approach. Shift Left focuses on finding and preventing defects and security vulnerabilities early in the software development process
Posts by topic including static analysis, software assurance, and binary analysis