Alternate Sources - SonaType Nexus - Artifact Repository/Repository Management for CI/CD
Looking for contract opportunity help?
APEX Accelerators are an official government contracting resource for small businesses. Find your local APEX Accelerator (opens in new window) for free government expertise related to contract opportunities.
APEX Accelerators are funded in part through a cooperative agreement with the Department of Defense.
The APEX Accelerators program was formerly known as the Procurement Technical Assistance Program (opens in new window) (PTAP).
General Information
- Contract Opportunity Type: Sources Sought (Updated)
- Updated Published Date: Aug 01, 2024 03:02 pm CDT
- Original Published Date: Jul 30, 2024 03:19 pm CDT
- Updated Response Date: Aug 08, 2024 11:00 am CDT
- Original Response Date: Aug 08, 2024 11:00 am CDT
- Inactive Policy: 15 days after response date
- Updated Inactive Date: Aug 23, 2024
- Original Inactive Date: Aug 23, 2024
- Initiative:
- None
Classification
- Original Set Aside:
- Product Service Code: 7A21 - IT AND TELECOM - BUSINESS APPLICATION SOFTWARE (PERPETUAL LICENSE SOFTWARE)
- NAICS Code:
- 513210 - Software Publishers
- Place of Performance: San Antonio , TX 78205USA
Description
Our goal is to identify a solution that can provide a repository manager that organizes, stores and distributes development artifacts in a DevSecOps environment. The repository should provide a single point of reference for approved application containers and software artifacts for users. The repository will store, integrate with keycloak identity credential and access management (ICAM) and make available to operational organizations for evaluation and operational acceptance that have been through Continuous Integration (CI) and automated Continuous Deployment (CD) pipelines. Thereby, creating a DevSecOps compliant express lane for certification to field (CtF) and deployment of applications.
The following are some of the key characteristics that we are using to meet our organizational objectives. While this list is not exhaustive, it does provide a snapshot of some of the most important requirements for our environment:
- Ability to store artifacts in AWS S3
- Create Docker repository mirrors
- Available as a helm chart / containerized deployment for Kubernetes
- Supports SAML or OIDC authentication and authorization (Group assertions from the Idp are honored)
- Role-based access control management (RBAC) for local images
- Supports the creation and use of apt, docker, raw, maven2, rpm, pypi, npm, conda, go, gitlfs, helm, nuget, r, and yum repositories.
- Supports the use of api tokens / personal access tokens to retrieve software programmatically
- Supports the use of subdomain routing, and the use of multiple subdomains for assigning to repositories
- Support for multiple authentication systems
- Proxy access to external repositories
- Ability to record use in auditable logs so that activity can be traced to a single user
- Optimized for automation
Attachments/Links
Contact Information
Contracting Office Address
- CP 210 977 2497 230 HALL BLVD STE 114
- SAN ANTONIO , TX 78243-7007
- USA
Primary Point of Contact
- Karin Werner
- karin.werner.1@us.af.mil
Secondary Point of Contact
- Marisa Flores
- marisa.flores.2@us.af.mil
History
- Aug 23, 2024 11:04 pm CDTSources Sought (Updated)
- Jul 30, 2024 03:19 pm CDTSources Sought (Original)