Platform One¶
Platform One (P1), a Department of Defense (DoD) analogue or counterpart to Game Warden, is a DevSecOps platform that delivers applications to the government. P1 contains DoD-approved tooling for software development.
Game Warden integrates with P1 and, in so doing, has access to the P1 DoD-approved tooling for software development along with solutions available via P1, such as Big Bang and Iron Bank.
Note
Prior to proceeding to Platform One Access, please read Government Access Cards, Keycloak SSO, and Appgate SDP to confirm your understanding of the security measures implemented to protect all customer environments.
Big Bang, Iron Bank, and Party Bus comprise P1.
Big Bang¶
Big Bang is the DoD-approved architecture upon which Game Warden is built and upon which our applications run. Big Bang embodies Infrastructure as Code (IaC) principles, using immutable code that provisions DoD-approved infrastructure. Big Bang applications, therefore, have an associated ATO.
Containers that the Game Warden team deploys into the Kubernetes cluster must conform to Big Bang protocol.
Iron Bank¶
Similar to Nexus, which is Game Warden’s secure image registry, Iron Bank is a registry that stores containerized images that have been scanned by P1 and align with DoD standards. Iron Bank containers can be deployed to Game Warden. In addition, Iron Bank containers can be moved to Nexus and, more specifically, the Approved registry.
There are three primary Nexus registries:
- External – This registry contains unhardened images. When you initially send us your containerized images, you add them to the External registry.
- Unapproved – This registry contains hardened images. After you send our team images, we scan them and produce a list of Common Vulnerabilities and Exposures (CVEs). After you resolve or justify the CVEs, our team hardens the images and stores them in this registry. Hardening removes unneeded components, such as open ports or libraries, that would otherwise widen the attack surface. After you have resolved or justified vulnerabilities, the image may be deployed to your Development (DEV) environment. Here, our engineers perform preliminary application testing and configuration. In many cases, the images may need to be hardened again, contingent upon any newly discovered vulnerabilities. When image vulnerabilities are at an acceptable level such that they satisfy Authority to Operate (ATO) requirements, the images are moved to the Approved registry.
- Approved – This registry contains hardened images. The Game Warden team, after Security team consent, deploys images from this Approved registry to your Kubernetes cluster.
Note
A bit of clarity regarding images and containers:
Docker, at its core, is a Platform as a Service (PaaS) that enables developers to build and deploy containers, which package applications and their dependencies. Since a container stores the application and all components it needs to run successfully, a containerized application functions as designed regardless of where you deploy it.
A Dockerfile is a text file that includes instructions on how to build an image. A Docker image can have several layers. The first layer is the base image and represents the foundation upon which you build other images. You must not modify the base image.
Multiple images combine to form a single application, with each image providing a specific function. For example, you might use `rhel`, commonly known as `ubi`, as your base image; `ubi` is a universal base image that functions as an operating system. From `ubi`, you might add `nginx` (pronounced “engine-x”) atop this unmodified base image. `nginx`, which has many uses, might function as your web server. You might add other images as well. These other images provide additional functionality, and each additional image aligns with a specific application need. Again, all images combine to form a single application that includes the functionality designated by each.
Pulling Containers from Iron Bank¶
To pull containers from Iron Bank (or if your application is not built on an Iron Bank-approved base image):
- Log in to the Iron Bank Hardened Containers Catalog. You will need to create a Platform One SSO if you do not have this credential.
- Use Search to locate your preferred image in the Catalog.
- Click this image to access the Registry One Docker Pull Command.
For example, the Docker pull command appears as:
`docker pull registry1.dso.mil/ironbank/big-bang/argocd:v2.4.7`
Note
You must be registered and logged in to Registry One for the Docker pull command to work.
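The base-image note above says the first layer of every image should be an unmodified, approved base, and the pull steps show what an Iron Bank reference looks like. The following script is an added example, not Game Warden or Platform One code: it checks every `FROM` line in a Dockerfile for an Iron Bank reference on `registry1.dso.mil/ironbank/` that is pinned by tag or digest (rejecting the floating `latest` tag), and prints the pull command for a reference. The `argocd` reference is the one from the pull example on this page; the `ubi9` and `nginx` paths, their tags, and the `docker.io` line in the sample Dockerfile are constructed for the demo, and the pinning policy is the example's own rule rather than a stated Game Warden requirement. The check needs no network access; run `docker login registry1.dso.mil` before an actual pull, as the note above requires.

```shell
#!/bin/sh
# Added example (not Game Warden/P1 code): verify that every FROM line in a
# Dockerfile references an Iron Bank image on registry1.dso.mil, pinned by an
# explicit tag or digest, then print the docker pull command for a reference.

IRONBANK_PREFIX="registry1.dso.mil/ironbank/"

# ironbank_ref_ok REF: succeed when REF lives in the Iron Bank namespace and is
# pinned by a digest or by a tag other than "latest".
ironbank_ref_ok() {
  ref="$1"
  case "$ref" in
    "$IRONBANK_PREFIX"*) ;;      # must come from the hardened Iron Bank namespace
    *) return 1 ;;
  esac
  case "$ref" in
    *@sha256:*) return 0 ;;      # digest-pinned: the strongest form
    *:latest)   return 1 ;;      # floating tag: rejected
    */*:*)      return 0 ;;      # explicit tag present
    *)          return 1 ;;      # no tag at all
  esac
}

# pull_cmd REF: print the docker pull command as the Iron Bank catalog shows it.
pull_cmd() {
  printf 'docker pull %s\n' "$1"
}

# dockerfile_base_refs FILE: print the image reference from each FROM line,
# skipping --platform flags and references to earlier build stages
# (FROM <image> AS <alias> ... FROM <alias>).
dockerfile_base_refs() {
  awk '
    toupper($1) == "FROM" {
      ref = ""
      for (i = 2; i <= NF; i++) if ($i !~ /^--/) { ref = $i; break }
      if (!(ref in aliases)) print ref
      for (i = 2; i < NF; i++) if (toupper($i) == "AS") aliases[$(i+1)] = 1
    }' "$1"
}

# check_dockerfile FILE: report each base image; return 1 if any violates policy.
check_dockerfile() {
  rc=0
  for ref in $(dockerfile_base_refs "$1"); do
    if ironbank_ref_ok "$ref"; then
      echo "OK   $ref"
    else
      echo "FAIL $ref (not an Iron Bank image pinned by tag or digest)"
      rc=1
    fi
  done
  return $rc
}

# Constructed sample Dockerfile: the ubi9 and nginx paths/tags and the docker.io
# line are made up for this demo; the argocd reference is from the pull example.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FROM registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.3 AS base
FROM registry1.dso.mil/ironbank/big-bang/argocd:v2.4.7
FROM registry1.dso.mil/ironbank/opensource/nginx/nginx:latest
FROM docker.io/library/nginx:1.25
FROM base
EOF

if check_dockerfile "$sample"; then
  echo "all base images comply"
else
  echo "policy violations found; fix the FROM lines before requesting hardening"
fi
pull_cmd registry1.dso.mil/ironbank/big-bang/argocd:v2.4.7
rm -f "$sample"
```

Running the script reports the `ubi9` and `argocd` lines as OK, flags the `latest`-tagged nginx image and the `docker.io` image, and ignores `FROM base` because it names an earlier build stage rather than an external image. The same check is a reasonable pre-submission gate before sending images to the External registry, since an image built on a non-approved base will not pass hardening.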
Party Bus¶
Party Bus is similar to Game Warden, as both have equivalent offerings.