GrammaTech Provides Static Application Security Testing
Containerized, Hardened Version of CodeSonar® Product is Available in DoD-approved Iron Bank DevSecOps Tools Repository
GrammaTech, a leading provider of application security testing products and software research services, today announced that its CodeSonar® SAST product has been accepted into the U.S. Department of Defense’s (DoD) “Iron Bank” repository and is now available through the U.S. Air Force Platform One application portal. GrammaTech CodeSonar is accessible to all DoD agencies in the form of a digitally signed, hardened binary container image for integration into DevSecOps pipelines.
“The modern battlefield requires secure software from endpoints such as radios, missiles, airplanes and tanks all the way through the network to the Command and Control (C2) of decision makers, wherever that may be. The DoD needs best-in-class solutions and processes to build and deploy this software,” said Nicolas Chaillan, Chief Software Officer, U.S. Air Force and Co-Lead for the DoD Enterprise DevSecOps Initiative. “GrammaTech CodeSonar has been a great solution to have within the Department of Defense. Having CodeSonar as a hardened container available in Iron Bank and Platform One will be invaluable in accelerating the shift to DevSecOps DoD-wide.”
Platform One provides valuable tooling, hosts CI/CD DevSecOps pipelines, and offers a secure Kubernetes platform for hosting microservices. Authorization to go live with new applications can be achieved faster than ever by using Iron Bank hardened containers and Platform One pipeline security tools. The resulting Certificate to Field (CtF) and Continuous Authority to Operate (Continuous ATO) provide developers the ability to push validated code into production on an ongoing basis. This results in shorter development cycles, less debugging, and more rapid feature development.
“GrammaTech has a long history of conducting software security research and providing security testing products for the DoD as well as other civil, defense, and intelligence agencies,” said Mike Dager, CEO of GrammaTech. “The addition of CodeSonar to Platform One provides DoD developers with a certified, powerful and automated solution that integrates seamlessly with their workflows to quickly find and remediate vulnerabilities in code before software is released.”
The CodeSonar platform was designed to implement security early and throughout the software development life cycle, without compromising innovation and time-to-market. CodeSonar integrates easily with toolchains, methodologies and processes, allowing organizations to develop and release high-quality, secure software that is free from harmful defects and exploitable weaknesses that can cause system failures and security breaches.