firesteelrain 5 days ago
Right, I deal with NIST 800-53 based things where we have heavy albeit manual auditing. We pull from Iron Bank mostly but also employ Nexus Firewall. People can’t pull directly from Docker Hub.
password4321 4 days ago
Yes, if you need someone else to work on securing your Docker base images for free, you can get more info about the US Air Force Platform One IronBank at https://docs-ironbank.dso.mil/faq

> Currently there is no cost to contributors or users for Iron Bank. It is a service currently funded by the US Department of Defense.

You can poke around for their public Dockerfiles to build yourself at https://repo1.dso.mil/explore (for example: https://repo1.dso.mil/dsop/opensource/debian/debian12.x/debi...) but to do much useful you'll need an account.

Another organization in Platform One, Big Bang, uses IronBank containers to implement a reference DevSecOps CI/CD architecture; I mention them because they maintain a mirror at https://github.com/DoD-Platform-One/bigbang