GrammaTech IronBank Container for CodeSonar and Wind River VxWorks

November 12, 2021 Mark Hermeling

news.grammatech.comhubfscodesonar61 copy

The IronBank (also known as the DoD Centralized Artifacts Repository) is a collection of signed container images for both open source and commercial software (COTS). The IronBank repository is part of the overall US Department of Defense Platform One Products and Services, specifically the Customer DevSecOps Platform (DSOP).

These IronBank containers are hardened according to the Container Hardening Guide and are accredited for use across departments of the DoD. GrammaTech already has an IronBank container ready and approved for deployment. Containerized development environments make tool deployment more secure and quick to deploy but also easier to maintain and keep uniform across the organization.

The demonstration in the video below illustrates how versatile containers can be. In the example shows how the CodeSonar container can be used with Wind River VxWorks real time operating system (RTOS) development environment. The demonstration shows just how easy it is to deploy SAST into your development environment and get immediate feedback on code quality and security. This sort of software pipeline integration helps accelerate DevSecOps by reducing the number of vulnerabilities introduced into the software right at the point the code is written.

VxWorks_IronBank

 

Previous Article
Software supply chain exploits are exploding–How to proactively prevent threats
Software supply chain exploits are exploding–How to proactively prevent threats

Your software supply chain is increasingly coming under attack - straining your existing cyberse...

Next Article
Integrations are Key to Success in DevSecOps for Embedded Development
Integrations are Key to Success in DevSecOps for Embedded Development

The term DevSecOps is a contraction of developer, security and operations. Despite the buzzword ...