Skip to content


Base Image Upgrade from UBI8 to UBI9

Moving forward to reduce risk

Iron Bank is reducing risk via updating the UBI based container images to the latest available version.

Continue reading

New Base Image Options

More options to manage your own risk

Iron Bank has added new base image options, including Alpine, Chainguard, Debian, Docker/Scratch, Google/Distroless, Redhat/UBI, and Suse. These additions offer greater flexibility, enhanced security, improved performance, and diverse application support for consumers. Vendor contributors also benefit from expanded reach, demonstrated security commitment, and collaborative partnerships with Iron Bank. The availability of diverse base images enables downstream consumers to effectively manage risk based on their mission requirements.

Continue reading

GitLab Labels in Repo1

Improving Workflow using labels within Repo1

Iron Bank has some exciting news to share with you about our GitLab repository, Repo1. We are making some changes to our labels to improve the workflow for our partners and internal team. These changes will make it easier to track issues and understand where they are in the process.

Continue reading

Findings Verified

Simplyfing terminology

In an effort to continually improve Iron Bank, we have listened to your feedback and have simplified the image statuses. The previous image statuses and terminology was causing a lot of confusion amongst users and we have simplified it down to one term: Findings Verified. Keep reading to find out more about this new update.

Continue reading

Iron Bank Pipeline Update

The Iron Bank pipeline has been updated

Iron Bank has updated the container hardening pipeline to use a single template. This update allows for code to select which template should be used for a given pipeline.

Continue reading

Alpine Base Image

Support for Alpine Linux in Iron Bank

Iron Bank is happy to announce the availability of Alpine Linux! Starting with the recent Alpine 3.17 release, we now offer an alpine base image and corresponding apk repositories you can use for your applications in Iron Bank.

Continue reading

ABC/ORAs Update

An Update on the Acceptance Baseline Criteria (ABC) and Overall Risk Assessment (ORA)

In May 2022, we released the Acceptance Baseline Criteria (ABC) and Overall Risk Assessment (ORA) as a Minimally Viable Product (MVP). Since then we have gotten good feedback from our vendors and contributors, but now we need feedback from our users - engineers, programs, and authorizing officials in and supporting the U.S. Department of Defense. Here are a few things you should know…

Continue reading

Introducing ABC/ORA

Minimal Viable Product release of the Acceptance Baseline Criteria (ABC) and Overall Risk Assessment (ORA)

Iron Bank is happy to announce the Minimum Viable Product (MVP) release of the Acceptance Baseline Criteria (ABCs) and Overall Risk Assessment (ORA) for Iron Bank containers, effective immediately, with a 90 day grace period described below. These process changes were informed by feedback we have received from contributors, vendors, users, and government organizations across the Department of Defense (DoD). These changes are intended to improve the process for Iron Bank contributors and provide robust data reporting for Iron Bank users.

Continue reading