diff --git a/docs/understanding-bigbang/licensing-model.md b/docs/understanding-bigbang/licensing-model.md index 2807dec47eee0ec2db54f1130adcf5c3459eefb7..e55fbd4e451694cee18a1dc63030d1f4af8a7ad7 100644 --- a/docs/understanding-bigbang/licensing-model.md +++ b/docs/understanding-bigbang/licensing-model.md @@ -47,12 +47,17 @@ Licensing of products deployable by Big Bang are not covered by Big Bang or Plat | Open Policy Agent Gatekeeper | Policy Enforcement (Core App) | Apache License 2.0 (Free/OSS) | * [Styra](https://www.openpolicyagent.org/support) is the original creator of OPA and can offer commercial support. | | Kyverno | Policy Enforcement (Core App) | Apache License 2.0 (Free/OSS) | * Kyverno is a fully open-source product, however there are [multiple companies](https://kyverno.io/support/) which provide paid support services for it. | | Istio Controlplane, Istio Operator, and Kiali | Service Mesh, Operator, and Service Mesh Dashboard (Core App) | Apache License 2.0 (Free/OSS) | * [Tetrate](https://www.tetrate.io/) is an Istio Vendor that can offer commercial support. | -| Jaeger | APM (Application Performance Monitoring) / Tracing (Core App) | Apache License 2.0 (Free/OSS) | | -| Prometheus Operator Stack (Prometheus, Grafana, AlertManager, Loki, etc.) | Metrics, Metrics Dashboard, and Alerts (Core App) | GNU Affero General Public License v3.0 | | +| Jaeger | APM (Application Performance Monitoring) / Tracing (Core App) | Apache License 2.0 (Free/OSS) | | | +| Prometheus | Metrics and monitoring. (Core App) | Apache License 2.0 (Free/OSS) | | +| AlertManager | Alerting. (Core App) | Apache License 2.0 (Free/OSS) | | +| Loki | Log aggregation. (Core App) | GNU Affero General Public License v3. | | +| Grafana | Dashboard. (Core App) | GNU Affero General Public License v3. | | +| Harbor | Container and chart registry. (AddOn App) | Apache License 2.0 (Free/OSS) | | +| Tempo (Grafana) | Service-mesh trace collector. (AddOn App) | GNU Affero General Public License v3. | | | Fluentbit | Log Shipper (Core App) | Apache License 2.0 (Free/OSS) | | | ECK (Elastic Cloud on Kubernetes) (ElasticSearch and Kibana) | Log Storage and Log Dashboard (Core App) | [Elastic License](https://github.com/elastic/cloud-on-k8s/blob/master/LICENSE.txt) (Freemium) | **Enterprise features of note:** Kibana SSO, authn, authz, FIPS 140-2 mode, audit logging require an enterprise tier license. **Free tier notes:** BigBang's Authservice/Authentication Proxy could be put in front of Kibana to achieve basic SSO with all or nothing access. PartyBus uses licensed ElasticSearch <https://www.elastic.co/subscriptions> [licensing](package-architecture/elasticsearch-kibana.md#licensing) | | Cluster Auditor | Collects OPA GK events and sends them to ElasticSearch for Review (Core App) | Apache License 2.0 (Free/OSS) | | -| Twistlock / Prisma Cloud Compute | Runtime Security, Security Dashboard, Intrusion Prevention (Core App) | Prisma Cloud Compute License (Paid Product that requiring a license) | **Prisma Cloud License is required for an ATO'd cluster.** [Considering investigating alternatives](https://repo1.dso.mil/groups/platform-one/big-bang/-/epics/74) Licenses are sold per node. Each defender on a node uses 7 credits and the credits are purchased in bundles of 100 credits. <https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/welcome/licensing> <https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-09/prisma-cloud-compute-edition-admin/install/install_kubernetes.html> [licensing](package-architecture/twistlock.md#licensing) | +| Twistlock / Prisma Cloud Compute | Runtime Security, Security Dashboard, Intrusion Prevention (Core App) | Prisma Cloud Compute License (Paid Product requiring a license) | **Prisma Cloud License is required for an ATO'd cluster.** [Considering investigating alternatives](https://repo1.dso.mil/groups/platform-one/big-bang/-/epics/74) Licenses are sold per node. Each defender on a node uses 7 credits and the credits are purchased in bundles of 100 credits. <https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/welcome/licensing> <https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-09/prisma-cloud-compute-edition-admin/install/install_kubernetes.html> [licensing](package-architecture/twistlock.md#licensing) | | ArgoCD | GitOps (AddOn App) | Apache License 2.0 (Free/OSS) | | | Velero | Backup and Recovery of Persistent Volumes (AddOn App) | Apache License 2.0 (Free/OSS) | | | Keycloak | SSO (Single Sign On) and Federated Authn. (AddOn App) | Apache License 2.0 (Free/OSS) | | @@ -62,6 +67,8 @@ Licensing of products deployable by Big Bang are not covered by Big Bang or Plat | Nexus | Generic Artifact Repository (AddOn App) | Nexus Repository OSS: Eclipse Public License v1.0 Nexus Repository Pro: Paid Licensed product | **Enterprise features of note:** HA, SAML SSO, Auth Token Support **Free tier notes:** A non-HA deployment can quickly auto heal thanks to Kubernetes, AWS S3 blob storage. <https://www.sonatype.com/products/repository-oss-vs-pro-features> <https://www.sonatype.com/products/pricing> | | Gitlab, Gitlab Runners | GitRepo, Container Registry, and CICD Software Factory (AddOn App) | Gitlab Community Edition: MIT Expat license Gitlab Enterprise Edition: (multiple tiers) | **Premium features of note:** Release Controls, Project Management **Ultimate features of note:** Unlimited Guest Users, Advanced Security Testing (Note this functionality comes from container images that may not yet be in Iron Bank) **Free tier notes:** Free tier is fine for Proof of Concepts, but the Release Controls in Premium tier contain security controls that would be necessary for a cATO pipeline. Party Bus has multiple instances of Gitlab, most use Premium, a few use Ultimate. Party Bus's Gitlab pipelines integrate with additional licensed apps: Twistlock, Anchore, [Fortify](https://repo1.dso.mil/big-bang/product/packages/fortify), [SD Elements](https://www.securitycompass.com/sdelements/), and others. (This is offered as a data point, it doesn't mean these are required for a cATO pipeline, the Consumer of Big Bang's AO makes that call.) <https://about.gitlab.com/pricing/#self-managed> <https://gitlab.com/gitlab-org/gitlab-foss/-/tree/master#editions> | | SonarQube Community Edition | Static Code Analysis (AddOn App) | SonarQube CE: GNU Lesser GPL License v3 (Community Edition is Free/OSS) | An Enterprise Edition Exists, but is not bundled by Big Bang | -| Anchore Enterprise Edition* | Vulnerability Scanner (AddOn App) | Anchore Enterprise Edition (Paid/Licensed) Anchore OpenSource Edition Apache License 2.0 (Free/OSS) | **Licensed features of note:** Proprietary Vulnerability Data Feeds for increased accuracy, NIST 800-190, Docker CIS Compliance, DoD container Policy Compliance, cATO Capable, RBAC, SSO **Free tier notes:** Big Bang's values file can be set to deploy the OSS version for Proof of Concept deployments. Party Bus and other Platform One services use the licensed version <https://docs.anchore.com/3.0/docs/faq/#2> <https://anchore.com/pricing/> [licensing](package-architecture/anchore.md#licensing) <https://repo1.dso.mil/big-bang/product/packages/anchore-enterprise/-/blob/main/docs/CHART.md#adding-enterprise-components> | | Vault | Secret management (AddOn App) | Mozilla Public License 2.0 | | -| Metrics Server | Scalable, efficient source of container resource metrics. (AddOn App) | Apache License 2.0 | | \ No newline at end of file +| Metrics Server | Scalable, efficient source of container resource metrics. (AddOn App) | Apache License 2.0 (Free/OSS) | | +| NeuVector | Zero-trust container security. (AddOn App) | Apache License 2.0 (Free/OSS) + | | +| Fortify | Software security center. (AddOn App) | Helm Chart: MIT Expat license SSC: Proprietary license provided by Micro Focus | | \ No newline at end of file