U.S. Department of Defense (DoD) teams that manage DevSecOps software factories or that use DevSecOps factories to develop, secure and operate mission applications, need a trusted repository management system to store their local artifacts as well as artifacts pulled from Iron Bank, the DoD’s central repository of hardened container images. Artifacts that are stored include VM images, container images, binary executables, archives, documentation and many more package types.
JFrog Artifactory, now certified for Iron Bank — also known as the DoD Centralized Artifact Repository (DCAR) — can serve as the scalable, universal, artifact repository management system in the software supply chain to execute these DevSecOps powered software factories. Artifactory supports all major programming languages, package managers and technologies used in modern software development, and empowers these DevSecOps teams to simplify artifact lifecycle management, while providing consistency to their software factory pipelines.
Follow these steps to get started with setting up a remote repository in JFrog Artifactory to proxy Iron Bank container images in less than 5 minutes.
1. Log in to Artifactory using the appropriate URL and right credentials.
2. Under the ‘Welcome’ drop-down, click “New Remote Repository.”
3. Choose “Docker” as package type.
4. Enter a “Repository Key”, the name used to access the remote repository.
Set the URL field to “https://registry1.dso.mil/”.
Enter your credentials for remote authentication.
Note: Credentials for remote authentication can be obtained from your Iron Bank User Profile by logging here.
Click on the “Test” button to test both the URL and remote authentication credentials provided.
Click “Save and Finish.”
5. Remote repository setup is complete and you are ready to pull hardened images from the IronBank registry.
6. Verify the latest pulled image in the remote repository: docker-ironbank-remote.
In addition to creating remote repositories using the UI, you can also use Artifactory’s extensive set of APIs for automation and for integrating other software vendor tools into your software factories.
REST APIs for creating a remote repository can be found here.