[P1BIGROCKS-1779] Big Bang Core Opensource Initiative
[P1BIGROCKS-1779](https://jira.il2.dso.mil/browse/P1BIGROCKS-1779)
__WARNING: This epic is still a WORK IN PROGRESS; details of the assessments and definitions of done are still being worked out.__
## Problem Statement
To ensure the widest adoption of Big Bang (and more specifically Big Bang Core), it's vital that the primary functionality remains free and open source. Currently, only 5/7 core packages are truly free and open source: Twistlock is completely behind a paywall, and Elasticsearch is partially behind one ([sso.tax](https://sso.tax)).
## Solution
Evaluate free and open-source alternatives to the two remaining packages that don't meet these criteria.
### Twistlock
An alternative needs to support active/passive runtime defense. Container scanning is _not_ part of Big Bang Core (is this up for debate?), but is a plus.

Alternatives include, _but are not limited to_:
* [Falco](https://falco.org/)
* Anchore (part of BB already)
* https://github.com/aquasecurity/starboard (wrapper for Trivy)
* https://github.com/quay/clair
* [NeuVector](https://neuvector.com/)
#### Dependencies
Twistlock is not a dependency of any other Big Bang tool.
### Elasticsearch
bigbang#373
#### Dependencies
Elasticsearch and Kibana are used as dependencies for other core Big Bang components:
* fluentbit - Need to identify whether fluentbit/fluentd can use an alternative collection, or whether a new log scraper can be identified
* Cluster Auditor - Inserts violations into the `violations` index for searching. Will need to identify another data sink for this data and provide the outputs via a user interface:
  * Prometheus/Grafana?
* Jaeger - Refactor of Jaeger as part of bigbang!330 leverages the existing Elasticsearch cluster as a backend for tracing data.
* Mattermost - Can optionally use Elastic for optimized search indexing; requires enterprise
#### Alternatives
* Loki - for log aggregation
* Grafana - for log visualization. This is already part of the monitoring stack
* Promtail - for log scraping
## Implementation Questions
* Should Big Bang Core allow for optional implementation solutions for core capabilities (e.g., provide the flexibility to default to Elasticsearch for logging OR an open-source solution), or continue to be opinionated and mandate the core solution?
* Elasticsearch and Twistlock should continue to be available as part of Big Bang. This is the first time that a package will move from `core` to `addons`. How do we gracefully handle this in the values file to maintain backwards compatibility for users?
* Should existing users be moved to open-source solutions by default, or should they keep their current implementations by default?