Blog
Base Image Upgrade from UBI8 to UBI9
Moving forward to reduce risk
Iron Bank is reducing risk via updating the UBI based container images to the latest available version.
New Base Image Options
More options to manage your own risk
Iron Bank has added new base image options, including Alpine, Chainguard, Debian, Docker/Scratch, Google/Distroless, Redhat/UBI, and Suse. These additions offer greater flexibility, enhanced security, improved performance, and diverse application support for consumers. Vendor contributors also benefit from expanded reach, demonstrated security commitment, and collaborative partnerships with Iron Bank. The availability of diverse base images enables downstream consumers to effectively manage risk based on their mission requirements.
GitLab Labels in Repo1
Improving Workflow using labels within Repo1
Iron Bank has some exciting news to share with you about our GitLab repository, Repo1. We are making some changes to our labels to improve the workflow for our partners and internal team. These changes will make it easier to track issues and understand where they are in the process.
Findings Verified
Simplyfing terminology
In an effort to continually improve Iron Bank, we have listened to your feedback and have simplified the image statuses. The previous image statuses and terminology was causing a lot of confusion amongst users and we have simplified it down to one term: Findings Verified. Keep reading to find out more about this new update.
Iron Bank Pipeline Update
The Iron Bank pipeline has been updated
Iron Bank has updated the container hardening pipeline to use a single template. This update allows for code to select which template should be used for a given pipeline.
Alpine Base Image
Support for Alpine Linux in Iron Bank
Iron Bank is happy to announce the availability of Alpine Linux! Starting with the recent Alpine 3.17 release, we now offer an alpine base image and corresponding apk repositories you can use for your applications in Iron Bank.
ABC/ORAs Update
An Update on the Acceptance Baseline Criteria (ABC) and Overall Risk Assessment (ORA)
In May 2022, we released the Acceptance Baseline Criteria (ABC) and Overall Risk Assessment (ORA) as a Minimally Viable Product (MVP). Since then we have gotten good feedback from our vendors and contributors, but now we need feedback from our users - engineers, programs, and authorizing officials in and supporting the U.S. Department of Defense. Here are a few things you should know…
Introducing ABC/ORA
Minimal Viable Product release of the Acceptance Baseline Criteria (ABC) and Overall Risk Assessment (ORA)
Iron Bank is happy to announce the Minimum Viable Product (MVP) release of the Acceptance Baseline Criteria (ABCs) and Overall Risk Assessment (ORA) for Iron Bank containers, effective immediately, with a 90 day grace period described below. These process changes were informed by feedback we have received from contributors, vendors, users, and government organizations across the Department of Defense (DoD). These changes are intended to improve the process for Iron Bank contributors and provide robust data reporting for Iron Bank users.