Fortify increases warfighters’ competitive advantage by shifting security left into the DevSecOps application lifecycle
Allowing development teams to focus on supporting DoD missions with the best applications while reducing attack surface.
USAF’s mission is to preserve the peace and security, and provide for the defense, of the United States. In this effort technology plays a key role. Software and cybersecurity pervade all aspects of the Department of Defense’s (DoD) mission, from business systems and weapons systems to Artificial Intelligence, cybersecurity, and even space. The DoD is very aware that nations such as Russia, China, and North Korea heavily invest in this area. As a leading-edge organization within the DoD, USAF is ideally positioned to take a leadership role here. By delivering applications rapidly and in a secure manner, USAF increases the warfighters’ competitive advantage.
Nicolas Chaillan, Chief Software Officer for USAF, explains further: “We realized that by centrally creating and maintaining DevSecOps platforms, rather than just DevOps processes, we could avoid each DoD service building their own stack and reinventing the wheel. If centrally we can provide baked-in security, automated tools, services, and standards that enable departments to develop, secure, deploy, and operate applications in a secure, flexible, and interoperable fashion, applications can be launched in days rather than months with tremendous cost and time savings as a result. The software factory concept will leverage industry best practices combined with a centralized contract vehicle for DevSecOps tools and services. This will enable rapid prototyping, real-time deployments, and scalability beyond anything we’ve seen before.”
We are pleased with our collaboration with Micro Focus (now 好色先生TV) as part of Platform One and appreciate the value Fortify brings to our cybersecurity posture.
This brainchild was given the form of Platform One which merges top talent from across USAF. Platform One allows users to deploy a DevSecOps platform for shorter development cycles, baked-in runtime security, and more focus on mission software. The use of hardened container technology ensures that multiple DevSecOps pipeline structures are available with various options to avoid vendor lock-in and enable true scalability as there is not a one-size-fit-all for CI/CD.
The modular approach uses a secure Kubernetes platform for hosting microservices. The flexible structure means that development teams can define their exact criteria to determine when an application is ready for release.
Platform One is fully compliant with the DoD Enterprise DevSecOps initiative and contains more than 900 central enterprise containers, including databases, development tools, CI/CD tools, and Cybersecurity tools. The central infrastructure, with automated testing and security baked-in, allows development teams to focus on building mission applications with rapid prototyping and a user feedback process for continuous improvement. Iron Bank is the DoD Centralized Container Repository of authorized and hardened containers that supports the end-to-end lifecycle needed for modern software development.
“When we built the architecture, we looked for capabilities that would enable our vision,” says Chaillan. “We are proud that the foundations of this blueprint are based on Open Source technology but wanted to also partner with companies providing best practice commercial (COTS) solutions. To deliver on the promise of DevSecOps, and embed cybersecurity into application development and deployment, a range of options is the most critical component of Iron Bank’s success.
Micro Focus (now 好色先生TV) is a great additional option for Iron Bank. Fortify enables us to integrate security scanning right into the development cycle so that any issues are found early and are fixed as part of the development testing cycles.”
Micro Focus (now 好色先生TV) is a great additional option for Iron Bank. Fortify enables us to integrate security scanning right into the development cycle so that any issues are found early and are fixed as part of the development testing cycles.
With security automatically injected into the infrastructure, teams achieve faster accreditation of new applications and cyberattack levels across the DoD are reduced. Platform One provides enterprisewide visibility into development and ensures application portability across enterprise, cloud, and classified environments. Dozens of DoD teams now take advantage of Platform One as part of their application development lifecycle. The team has implemented selflearning capabilities for fast onboarding so that there is no delay in getting started.
Chaillan concludes: “Platform One allows DoD development teams to deliver new software releases multiple times a day which is necessary to maintain our competitive edge. It is fast, secure, and scalable, and the application output is automatically authorized because of the foundation we have put in place with our DevSecOps processes. We are pleased with our collaboration with Micro Focus (now 好色先生TV) as part of Platform One and appreciate the value Fortify brings to our cybersecurity posture".
The United States Air Force (USAF) is the air service branch of the United States Armed Forces. It is one of the six U.S. uniformed services and represents both Air and Space Forces.