Gradle Inc. Achieves Iron Bank Certification and Plans to Play a Key Role in Accelerating Software Delivery Time and Securing the DoD Software Supply Chain

Iron Bank certification paves the way for leveraging Develocity to accelerate the software build and test processes, improve troubleshooting, provide greater observability in efforts to secure the SDLC, and help the US deliver better software faster to create a global competitive advantage.

San Francisco, CA, January 25, 2024—Gradle Inc. today announced that Develocity is now accredited in Iron Bank and available via the US Department of Defense’s Platform One. Iron Bank is a groundbreaking central repository that contains authorized container images hardened to address the DevSecOps initiatives of the Pentagon. Develocity’s acceptance as a hardened software platform into Iron Bank, the centralized artifact repository, allows any DoD agency to easily and confidently acquire and deploy its developer productivity platform.

At the core of Develocity is a unique service called Build Scan® that developers use as an “x-ray” to observe everything that happened during a software build. Private sector companies run millions of Build Scans every day to troubleshoot broken builds and identify opportunities to speed up build and test feedback cycles. Most importantly to the DoD, it can also be used to identify security vulnerabilities at a level of granularity and end-to-end traceability that has never been seen before. 

The ability to rapidly identify and remediate security vulnerabilities—as well as accelerate unnecessarily slow builds and fix avoidable build and test failures—is critical to minimizing software delivery times. And rapid software delivery provides a competitive advantage in the DoD’s race for global cybersecurity leadership, while playing a vital role in addressing “Executive Order (14028) on Improving the Nation’s Cybersecurity” with the mandated level of urgency.

With Iron Bank certification, Gradle also demonstrates its on-going commitment to providing the highest levels of application security for its clients in the DoD, the broader public sector, and highly regulated industries such as financial services. Develocity already supports key data security functionality and compliance standards, including  SSO, SCIM, granular role-based access controls, at-rest and inflight encryption, the ability to deploy to air-gapped networks, SOC2, and GDPR compliance.

Gradle partnered closely with Defense Unicorns to provide strategic consulting and accelerate the Iron Bank certification. Defense Unicorns is a team of innovators, software engineers, and veterans with decades of experience delivering technology programs across DoD and the broader federal market. They specialize in platform technologies that enable rapid and reliable delivery of capabilities across a wide range of mission and technology areas.

“Gradle is helping thousands of developers within DoD leverage their OSS build tools every day. It’s amazing to see open source centric companies continue to put time and priority in serving national security missions through both open source and enterprise offerings” said Rob Slaughter, CEO of Defense Unicorns.

By meeting Iron Bank container hardening and transparency standards, Develocity is now part of the container registry that has Continuous Authority to Operate (cATO). In general, this enables the DoD community to operate a secure software supply chain of accredited software providers. Specifically, it allows developers to easily push validated code into production more quickly using processes and procedures that are faster and more efficient than previous methods.

“We look forward to working closely with the DoD agencies and partnering with the Defense Solutions Integrators to accelerate the development of critical software and remediating security vulnerabilities—all while making developers more productive every day”, says Hans Dockter, CEO and founder of Gradle Inc. “We have done this with the most modern technology companies like Netflix, AirBnb, and LinkedIn, and strictly regulated companies including JPMC and Nasdaq. As a result, we are well experienced in meeting the scale, security challenges, and velocity that the DoD needs to optimize its development operations.”

Contact

LaunchSquad for Gradle
gradle@launchsquad.com