diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..1890d279505824dda6cb5403625f01c4c6d80bc0
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,28 @@
+FROM registry1.dso.mil/ironbank/aiml/python/python-r-ai as base
+FROM registry1.dso.mil/ironbank/opensource/r/r-studio as final
+
+COPY --from=base /usr/local/bin/ /usr/local/bin/
+COPY --from=base /usr/local/lib/ /usr/local/lib/
+COPY --from=base /opt/python/ /opt/python/
+
+USER root
+
+COPY tini /usr/local/bin/tini
+RUN chmod +x /usr/local/bin/tini
+
+RUN chown -R default /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \
+    chmod -R g=u /var/lib/rstudio-server && \
+    chmod -R g=u /etc/rstudio && \
+    chmod +t /var/run/rstudio-server
+
+WORKDIR /tmp/repo
+COPY compat-openssl10.tar.gz .
+RUN tar xvf /tmp/repo/compat-openssl10.tar.gz
+RUN yum install -y /tmp/repo/*.rpm
+
+USER 1001
+EXPOSE 8787
+HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running"
+
+ENTRYPOINT ["tini", "-g", "--"]
+CMD ["rstudio-server", "start"]
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..cbb015877cbd298e0c0f14da464ea5f63650eb0d
--- /dev/null
+++ b/hardening_manifest.yaml
@@ -0,0 +1,52 @@
+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: "aiml/r/rstudio"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+- "1.4.1106"
+- "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+  BASE_IMAGE: "carnegie-mellon/python-ai/python38-ai"
+  BASE_TAG: "latest"
+
+# Docker image labels
+labels:
+  org.opencontainers.image.title: "rstudio"
+  org.opencontainers.image.description: "JupyterLab is the next-generation web-based user interface for Project Jupyter."
+  org.opencontainers.image.licenses: "MIT License (MIT)"
+  org.opencontainers.image.url: " "
+  org.opencontainers.image.vendor: "rstudio"
+  org.opencontainers.image.version: "1.4.1106"
+  mil.dso.ironbank.image.keywords: "jupyter,notebook,terminal,text editor,datascience,ui,data,science"
+  mil.dso.ironbank.image.type: "opensource"
+  mil.dso.ironbank.product.name: "jupyterlab"
+
+resources:
+- filename: tini 
+  url: https://github.com/krallin/tini/releases/download/v0.19.0/tini 
+  validation:
+    type: sha256
+    value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c 
+- filename: compat-openssl10.tar.gz
+  url: http://coeus-fileserver.centralus.cloudapp.azure.com/compat-openssl10.tar.gz
+  validation:
+    type: sha256
+    value: b7ce2eb6b599b4a396d196fbd90854f09fe1c81298c910e2f19d25692bfc6393 
+
+# List of project maintainers
+maintainers:
+- email: "remccarthy@sei.cmu.edu"
+  name: "Rob McCarthy"
+  username: "remccarthy"
+  cht_member: false
+- email: "daniel.komnick@gmail.com"
+  name: "Daniel Komnick"
+  username: "dkomnick"
+  cht_member: false
diff --git a/scripts/builder/Dockerfile b/scripts/builder/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..bdb571c080e28caaf8071df4b5d938fdf6d7ba80
--- /dev/null
+++ b/scripts/builder/Dockerfile
@@ -0,0 +1,20 @@
+FROM registry1.dso.mil/ironbank/redhat/ubi/ubi8:latest
+
+# usage
+# build the container:
+# docker build --build-arg RHEL_USERNAME='username' --build-arg RHEL_PASSWORD='password' -t rstudio:builder .
+# run the container
+# docker run -v $(pwd):/outdir
+# see tarball in cwd
+
+ARG RHEL_USERNAME
+ARG RHEL_PASSWORD
+
+RUN subscription-manager register --auto-attach --username $RHEL_USERNAME --password $RHEL_PASSWORD
+
+RUN subscription-manager repos --enable rhel-8-for-x86_64-appstream-rpms --enable codeready-builder-for-rhel-8-x86_64-rpms
+RUN yum install -y createrepo
+
+COPY entrypoint.sh /
+RUN chmod +x /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/scripts/builder/entrypoint.sh b/scripts/builder/entrypoint.sh
new file mode 100644
index 0000000000000000000000000000000000000000..789913ab3fb2050582899e5af809469bd0d0d8cc
--- /dev/null
+++ b/scripts/builder/entrypoint.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+yum install -y --downloadonly --downloaddir=/tmp/repo compat-openssl10
+createrepo /tmp/repo
+tar cvf compat-openssl10.tar.gz -C /tmp/repo .
+mv compat-openssl10.tar.gz /outdir/
+