Skip to main content

An official website of the United States government

You have 2 new alerts

Alternate Sources - SonaType Nexus - Artifact Repository/Repository Management for CI/CD

Looking for contract opportunity help?

APEX Accelerators are an official government contracting resource for small businesses. Find your local APEX Accelerator (opens in new window) for free government expertise related to contract opportunities.

APEX Accelerators are funded in part through a cooperative agreement with the Department of Defense.

The APEX Accelerators program was formerly known as the Procurement Technical Assistance Program (opens in new window) (PTAP).

General Information

  • Contract Opportunity Type: Sources Sought (Updated)
  • Updated Published Date: Aug 01, 2024 03:02 pm CDT
  • Original Published Date: Jul 30, 2024 03:19 pm CDT
  • Updated Response Date: Aug 08, 2024 11:00 am CDT
  • Original Response Date: Aug 08, 2024 11:00 am CDT
  • Inactive Policy: 15 days after response date
  • Updated Inactive Date: Aug 23, 2024
  • Original Inactive Date: Aug 23, 2024
  • Initiative:
    • None

Classification

  • Original Set Aside:
  • Product Service Code: 7A21 - IT AND TELECOM - BUSINESS APPLICATION SOFTWARE (PERPETUAL LICENSE SOFTWARE)
  • NAICS Code:
    • 513210 - Software Publishers
  • Place of Performance:
    San Antonio , TX 78205
    USA

Description

Our goal is to identify a solution that can provide a repository manager that organizes, stores and distributes development artifacts in a DevSecOps environment. The repository should provide a single point of reference for approved application containers and software artifacts for users. The repository will store, integrate with keycloak identity credential and access management (ICAM) and make available to operational organizations for evaluation and operational acceptance that have been through Continuous Integration (CI) and automated Continuous Deployment (CD) pipelines. Thereby, creating a DevSecOps compliant express lane for certification to field (CtF) and deployment of applications.

The following are some of the key characteristics that we are using to meet our organizational objectives. While this list is not exhaustive, it does provide a snapshot of some of the most important requirements for our environment:

  1. Ability to store artifacts in AWS S3
  2. Create Docker repository mirrors
  3. Available as a helm chart / containerized deployment for Kubernetes
  4. Supports SAML or OIDC authentication and authorization (Group assertions from the Idp are honored)
  5. Role-based access control management (RBAC) for local images
  6. Supports the creation and use of apt, docker, raw, maven2, rpm, pypi, npm, conda, go, gitlfs, helm, nuget, r, and yum repositories.
  7. Supports the use of api tokens / personal access tokens to retrieve software programmatically
  8. Supports the use of subdomain routing, and the use of multiple subdomains for assigning to repositories
  9. Support for multiple authentication systems
  10. Proxy access to external repositories
  11. Ability to record use in auditable logs so that activity can be traced to a single user
  12. Optimized for automation

Contact Information

Contracting Office Address

  • CP 210 977 2497 230 HALL BLVD STE 114
  • SAN ANTONIO , TX 78243-7007
  • USA

Primary Point of Contact

Secondary Point of Contact

History