UNCLASSIFIED - NO CUI

Commit 50cccb40 authored by Christian Baker, committed by Ryan Garcia

updated licensing-model.md for issue#1698

parent 860595f1
1 merge request: !3207 updated licensing-model.md for issue#1698
......@@ -47,12 +47,17 @@ Licensing of products deployable by Big Bang are not covered by Big Bang or Plat
| Open Policy Agent Gatekeeper | Policy Enforcement (Core App) | Apache License 2.0 (Free/OSS) | * [Styra](https://www.openpolicyagent.org/support) is the original creator of OPA and can offer commercial support. |
| Kyverno | Policy Enforcement (Core App) | Apache License 2.0 (Free/OSS) | * Kyverno is a fully open-source product, however there are [multiple companies](https://kyverno.io/support/) which provide paid support services for it. |
| Istio Controlplane, Istio Operator, and Kiali | Service Mesh, Operator, and Service Mesh Dashboard (Core App) | Apache License 2.0 (Free/OSS) | * [Tetrate](https://www.tetrate.io/) is an Istio Vendor that can offer commercial support. |
| Jaeger | APM (Application Performance Monitoring) / Tracing (Core App) | Apache License 2.0 (Free/OSS) | |
| Prometheus Operator Stack (Prometheus, Grafana, AlertManager, Loki, etc.) | Metrics, Metrics Dashboard, and Alerts (Core App) | GNU Affero General Public License v3.0 | |
| Jaeger | APM (Application Performance Monitoring) / Tracing (Core App) | Apache License 2.0 (Free/OSS) | | |
| Prometheus | Metrics and monitoring. (Core App) | Apache License 2.0 (Free/OSS) | |
| AlertManager | Alerting. (Core App) | Apache License 2.0 (Free/OSS) | |
| Loki | Log aggregation. (Core App) | GNU Affero General Public License v3. | |
| Grafana | Dashboard. (Core App) | GNU Affero General Public License v3. | |
| Harbor | Container and chart registry. (AddOn App) | Apache License 2.0 (Free/OSS) | |
| Tempo (Grafana) | Service-mesh trace collector. (AddOn App) | GNU Affero General Public License v3. | |
| Fluentbit | Log Shipper (Core App) | Apache License 2.0 (Free/OSS) | |
| ECK (Elastic Cloud on Kubernetes) (ElasticSearch and Kibana) | Log Storage and Log Dashboard (Core App) | [Elastic License](https://github.com/elastic/cloud-on-k8s/blob/master/LICENSE.txt) (Freemium) | **Enterprise features of note:** Kibana SSO, authn, authz, FIPS 140-2 mode, audit logging require an enterprise tier license. **Free tier notes:** BigBang's Authservice/Authentication Proxy could be put in front of Kibana to achieve basic SSO with all or nothing access. PartyBus uses licensed ElasticSearch <https://www.elastic.co/subscriptions> [licensing](package-architecture/elasticsearch-kibana.md#licensing) |
| Cluster Auditor | Collects OPA GK events and sends them to ElasticSearch for Review (Core App) | Apache License 2.0 (Free/OSS) | |
| Twistlock / Prisma Cloud Compute | Runtime Security, Security Dashboard, Intrusion Prevention (Core App) | Prisma Cloud Compute License (Paid Product that requiring a license) | **Prisma Cloud License is required for an ATO'd cluster.** [Considering investigating alternatives](https://repo1.dso.mil/groups/platform-one/big-bang/-/epics/74) Licenses are sold per node. Each defender on a node uses 7 credits and the credits are purchased in bundles of 100 credits. <https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/welcome/licensing> <https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-09/prisma-cloud-compute-edition-admin/install/install_kubernetes.html> [licensing](package-architecture/twistlock.md#licensing) |
| Twistlock / Prisma Cloud Compute | Runtime Security, Security Dashboard, Intrusion Prevention (Core App) | Prisma Cloud Compute License (Paid Product requiring a license) | **Prisma Cloud License is required for an ATO'd cluster.** [Considering investigating alternatives](https://repo1.dso.mil/groups/platform-one/big-bang/-/epics/74) Licenses are sold per node. Each defender on a node uses 7 credits and the credits are purchased in bundles of 100 credits. <https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/welcome/licensing> <https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-09/prisma-cloud-compute-edition-admin/install/install_kubernetes.html> [licensing](package-architecture/twistlock.md#licensing) |
| ArgoCD | GitOps (AddOn App) | Apache License 2.0 (Free/OSS) | |
| Velero | Backup and Recovery of Persistent Volumes (AddOn App) | Apache License 2.0 (Free/OSS) | |
| Keycloak | SSO (Single Sign On) and Federated Authn. (AddOn App) | Apache License 2.0 (Free/OSS) | |
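Review bot: The replacement Jaeger row ends in `| | |`, which gives it five cells in a four-column table; drop the extra `|` so it matches the neighbouring rows. The Loki, Grafana and Tempo rows also write the license as "GNU Affero General Public License v3." with a trailing period, where the Prometheus Operator Stack row they replace had "v3.0"; keeping "v3.0" would be consistent. Splitting the stack into per-product rows is the right call for license tracking, since the old combined row listed Prometheus and AlertManager under AGPL while the new rows give them as Apache 2.0.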
......@@ -62,6 +67,8 @@ Licensing of products deployable by Big Bang are not covered by Big Bang or Plat
| Nexus | Generic Artifact Repository (AddOn App) | Nexus Repository OSS: Eclipse Public License v1.0 Nexus Repository Pro: Paid Licensed product | **Enterprise features of note:** HA, SAML SSO, Auth Token Support **Free tier notes:** A non-HA deployment can quickly auto heal thanks to Kubernetes, AWS S3 blob storage. <https://www.sonatype.com/products/repository-oss-vs-pro-features> <https://www.sonatype.com/products/pricing> |
| Gitlab, Gitlab Runners | GitRepo, Container Registry, and CICD Software Factory (AddOn App) | Gitlab Community Edition: MIT Expat license Gitlab Enterprise Edition: (multiple tiers) | **Premium features of note:** Release Controls, Project Management **Ultimate features of note:** Unlimited Guest Users, Advanced Security Testing (Note this functionality comes from container images that may not yet be in Iron Bank) **Free tier notes:** Free tier is fine for Proof of Concepts, but the Release Controls in Premium tier contain security controls that would be necessary for a cATO pipeline. Party Bus has multiple instances of Gitlab, most use Premium, a few use Ultimate. Party Bus's Gitlab pipelines integrate with additional licensed apps: Twistlock, Anchore, [Fortify](https://repo1.dso.mil/big-bang/product/packages/fortify), [SD Elements](https://www.securitycompass.com/sdelements/), and others. (This is offered as a data point, it doesn't mean these are required for a cATO pipeline, the Consumer of Big Bang's AO makes that call.) <https://about.gitlab.com/pricing/#self-managed> <https://gitlab.com/gitlab-org/gitlab-foss/-/tree/master#editions> |
| SonarQube Community Edition | Static Code Analysis (AddOn App) | SonarQube CE: GNU Lesser GPL License v3 (Community Edition is Free/OSS) | An Enterprise Edition Exists, but is not bundled by Big Bang |
| Anchore Enterprise Edition* | Vulnerability Scanner (AddOn App) | Anchore Enterprise Edition (Paid/Licensed) Anchore OpenSource Edition Apache License 2.0 (Free/OSS) | **Licensed features of note:** Proprietary Vulnerability Data Feeds for increased accuracy, NIST 800-190, Docker CIS Compliance, DoD container Policy Compliance, cATO Capable, RBAC, SSO **Free tier notes:** Big Bang's values file can be set to deploy the OSS version for Proof of Concept deployments. Party Bus and other Platform One services use the licensed version <https://docs.anchore.com/3.0/docs/faq/#2> <https://anchore.com/pricing/> [licensing](package-architecture/anchore.md#licensing) <https://repo1.dso.mil/big-bang/product/packages/anchore-enterprise/-/blob/main/docs/CHART.md#adding-enterprise-components> |
| Vault | Secret management (AddOn App) | Mozilla Public License 2.0 | |
| Metrics Server | Scalable, efficient source of container resource metrics. (AddOn App) | Apache License 2.0 | |
\ No newline at end of file
| Metrics Server | Scalable, efficient source of container resource metrics. (AddOn App) | Apache License 2.0 (Free/OSS) | |
| NeuVector | Zero-trust container security. (AddOn App) | Apache License 2.0 (Free/OSS)
| |
| Fortify | Software security center. (AddOn App) | Helm Chart: MIT Expat license SSC: Proprietary license provided by Micro Focus | |
\ No newline at end of file
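Review bot: The file still ends without a trailing newline after the new Fortify row, so the "No newline at end of file" marker will show up again on the next edit to this table; add a final newline. If the NeuVector row is split across two lines in the file as it appears here (the license cell followed by a separate `| |` line), join it into one row so the table renders. The Fortify license cell runs "Helm Chart: MIT Expat license" and "SSC: Proprietary license provided by Micro Focus" together with no separator, and a reader scanning for paid components could miss the proprietary part; a line break or semicolon between the two would help.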