  1. Product Roadmaps
  2. MMF-2131

SonarQube provides DOD-approved Docker images

    Details

    • Type: MMF
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Labels:
      None

      Description

      WHY

      The USA Department of Defense (DoD) maintains a repository of images [https://software.af.mil/dsop/services/] that are accredited for use by DoD customers.

      Why can’t they use our standard Docker images?

      The DoD wants all approved containers to be based on approved and hardened base images, and the top software layers to undergo a thorough security scan. Software based on non-compliant base images, or with outstanding vulnerabilities that have not been addressed or justified, will not be approved for use by DoD customers.
      We decided to fully with a process for making SonarQube images available within this repo.

      What are the benefits?

      • Adopting DoD-compliant security scanning practices as part of our own release hardening will allow us to detect vulnerabilities in our own & dependent software that we were otherwise only learning of reactively.
      • Software that’s gone through the approval process will not require customers to complete STIGs in order to run the software. STIG requests from US Government customers represent a not-insignificant volume of Community threads and commercial support tickets.

      WHAT

      Resources

      We want to provide and support official images for all the SonarQube editions we already offer on DockerHub: SonarQube CE, DE, EE

              People

              Assignee:
              christophe.levis Christophe Levis
              Reporter:
              christophe.levis Christophe Levis