Hi Jim, thanks for bringing this discussion here. Generally speaking, it sounds like a reasonable idea to open TinkerPop opportunities to the DoD environment. Would it be fair to call IronBank a DoD approved DockerHub? Would the idea be that TinkerPop would release to IronBank in the same cadence as is done with the standard release schedule that publishes to DockerHub?
If so, I think a concern would be that supporting IronBank creates a hurdle to releasing that may be high and thus delay releases that might otherwise be acceptable outside of that space. I don't know if it makes sense, but perhaps releasing to IronBank should be decoupled from standard releases? Like 3.5.5 would go out the door and then a separate process would go under way to harden 3.5.5 to meet IronBank needs? Of course, then the 3.5.5 in IronBank isn't necessarily the 3.5.5 in DockerHub so that could be problematic. Do you happen to know how other major open source projects do this? On Wed, Dec 14, 2022 at 4:51 PM Jim Foscue <[email protected]> wrote: > Ironbank discussion > > I would like to suggest making tinkerpop/gremlin available on the DoD > Ironbank docker registry (https://ironbank.dso.mil). > > Ironbank is a DoD docker registry that maintains publicly available docker > container images that have been "hardened' and given the ok to use on DoD > contracts. The process of hardening an image involves running the docker > container image through a vulnerability scanning process. Any critical and > high vulnerabilities have to be addressed before getting the docker > container image approved for DoD use. > > My team has been using the publicly available tinkerpop/graph on a DoD > contract that is a prototype. But to continue using it in a more official > process we have to have it approved by Ironbank. > > Therefore, I am trying to get the tinkerpop developer community to get > onboard to push this to Ironbank so that we and other DoD contracts can use > it. > > We have access to the Ironbank system (which requires a US government CAC) > and are willing to help guide the process. > > Please consider this request and provide any feedback to me at your > convience. > > Regards, > > Jim Foscue > JDM Solutions > > > > -- > *Jim Foscue*, Software Engineer > *JDM Solutions* > 256.694.9387 > [email protected] <[email protected]> > > -- > *This e-mail and any attachements are for the intended recipient(s) only > and may contain information proprietary or private to JDM Solutions, LLC. > If you are not the intended recipient **please delete without copying and > kindly advise the sender by e-mail of the mistake in delivery. This email > may be personal in communication from the sender and as such does not > represent the views of the company.* >
