Enterprise Cloud Management Agency

Built around a DevSecOps culture, we offer authorized DevSecOps tools and continuous integration/continuous delivery (CI/CD) pipelines which enable software development teams to design, utilize and implement pre-built paths to production that enable cloud-native software development and continuous software modernization, within a secure, stable and reliable platform. CReATE provides a DevSecOps ecosystem with a range of tools, services and capabilities to enable planning, CI/CD orchestration, development, build, test, security and release of products.

Available Enterprise Engineering Tools are a suite of IL-5 accredited tools and capabilities with a range of DSO and software development lifecycle capabilities. Tools deployed boost efficiency and serve as a total Army resource for modern software development. Users can focus on providing the best possible software instead of worrying about getting and maintaining the tools they need.

Source code push team (SCRerer) provides guidance on building pipelines that can deploy an application to production through a series of security checks, which have been put in place through consultation with application security validation engineers. The SRCerer premiere products offers a source code push model that provides repeatable, accredited build processes with inherited controls. SRCerer allows application teams to drastically reduce the time it takes for the application to go from ideation to running in production in a secure and approved way. SRCerer customers, those using the SCRerer pipeline, not just guidance, inherit ~75% of security technical implementation guidance (STIG) controls from our product using App Dev STIG. The application security validation engineer (AVSE) team has developed a security pipeline that can be added to build pipelines to ensure minimum security requirements are met. Currently the pipelines ASVE have pre-built focus on those application on the CReATE-SWF path to production. For those following an alternat P2P modifications would need to be made. Our ASVE team members are developer security advocates that bridge the gap between technical implementation and compliance to reduce debt for teams and accelerate deployments. Along any path to production there will be continuous integration/continuous deployment occurring. And at times an organization may not quite be ready for a full path to productions. While not writing pipelines for application teams continuous integration (CI) assistance is available from SCRerer and customer success which may extend the use of CReATE's engineering productivity tools by enabling teams to perform builds, unit tests, static code analysis and other CI-only actions, allowing teams to foster DevSecOps behaviors and culture on their team.

A cloud-native computing foundation Kubernetes conformant architected environment is at the base of the CReATE platform. The infrastructure exploits CSP-managed services and technologies to create cybersecurity hardened-raw ingredients, with added value further down the software supply chain for continuous observability, monitoring and alerts for the platform. Characteristics include high availability across three availability zones, automated provisioning, Kubernetes version parity with CSP, disaster recovery and OCI compliant container images. The availability of common-stack services and capabilities to be offered will support a “self-service” concept for infrastructure provisioning. This will allow CReATE’s tenant software development teams and factories to focus on the SDLC without needing to maintain the underlying infrastructure.

Accessibility and access control, as CReATE is accessible via commercial and DoD network with a CAC single sign on. User and team access controls via a government off-the-shelf self-service application. Collaboration, project and document management with requirements tracing and issue tracking capabilities. Software team collaboration Source code, release, software dependency management Software assurance Software artifact storage Automated build, test, deployment (pipelines) Code and application dependency scanning Container and container image scanning and storage See more at the CReATE DevSecOps Playbook.

Security considerations are part of all processes, from platform configuration to applications deployments and several points along the way. Security and integration of not only security tools, but also Cybersecurity personnel from the beginning of applications lifecycle are included in the overall CReATE platform solutions and are key to the continuous monitoring, risk management and authorization for which CReATE strives. CReATE’s multi-tenancy architecture requires security, especially as related to access and deployment of all services, to be an integral part of delivery. Currently pre-bult pipelines designed by the CReATE application security validation team (ASV) have a focus on those applications on the CReATE partner AFC-SWF path to production. For those following an alternate P2P, modifications would need to be made. Our ASV team members are developer security advocates that bridge the gap between technical implementation and compliance to reduce debt for teams and accelerate deployments.

 To ensure our tenants are set up for success, CReATE is committed to delivering excellence in the facilitation of onboarding. By simplifying the success gaps for our user community and by providing tenants’ sustainment needs by integrating a full-support lifecycle across the Army CReATE product organization, we ensure that all tenants are aware of and properly set up in every tool and infrastructure that they need. Because of CReATE’s diverse mission areas, none of our tenants are structured the exact same way. Our dedicated customer success team ensures that each tenant receives the care and attention they need to thrive in the fast-paced world of DevSecOps. We also provide continuous support to our tenants through regular vendo- led lunch & learns, quarterly user community meet-ops, quarterly executive reviews, and our “Ask CReATE Anything” channel on MS Teams, which currently has more than 3,200 users. Any issue a user has can be submitted in a service ticket for prompt attention and communication.