Core Components
| Product | URL | Description |
|---|---|---|
| Iron Bank | https://ironbank.dso.mil | The overarching project name. The website lists all available containers, provides access to download artifacts such as scanning reports. |
| Repo1 | https://repo1.dso.mil | The Git repository and CI pipelines supporting the container hardening effort. |
| Registry1 | https://registry1.dso.mil | A full-fledged OCI-compliant registry where users can download images via command-line. |
| VAT | https://vat.dso.mil | The Vulnerability Assessment Tracker (VAT) provides end-to-end management of justifications for known vulnerabilities and other findings. |
Security Policies
-
Acceptance Baseline Criteria (ABC): Formalizes the requirements for container hardening and acceptance into Iron Bank
-
Overall Risk Assessment (ORA): Calculates overall risk of a container image with metrics such as project health and open vulnerabilities
Additional Tools
-
OpenSCAP: DISA STIG compliance
-
Anchore: CVE and DoD compliance identification
-
Twistlock: CVE identification
-
Cosign: is an opensource tool that is used to create cryptographic signature artifacts and store them in OCI-compliant registries alongside the artifacts that they sign. Using Cosign to sign images in registires allows registry users and NPEs to verify the authenticity of images pulled from that repository using PKI.
-
Renovate: is a free and open source tool that automatically updates dependencies. Renovate supports multiple languages and platforms such as docker, golang, and nodejs.