DevSecOps Buyer's Guide

Austin, TX / Army Futures Command (AFC)

The Army’s Soldier-Led Software Factory was founded in 2021 with the vision that contractors would not own their products.

The Software Factory mainly focuses its software development on programs within Army’s six modernization priorities. Funding for this software factory is through the Software Factory Advanced Software Development activity within the Army Agile Innovation and Demonstration (PE 0603025A) program. The current budget does not list a figure for this activity, but in FY23 the figure was $4.72M.

In FY23, the Software Factory added two new focus areas for software development supporting Army Modernization that include Common Operating Environment, Command Post, Modular Open Systems Approach (MOSA), Robotics and Autonomous Systems, Soldier Situational Awareness and Synthetic Training.

Learn More

Montgomery, AL / Program Executive Office Business Enterprise Systems (PEO-BES)

The Business and Enterprise Systems Product Innovation (BESPIN) team was founded in 2019 with an original budget of $21M in seed funding. It was the third software factory created by the Air Force. Bespin specializes in mobile application development.

Bespin has a Continuous Authority to Operate (cATO) and offers other services such as a design studio, user experience monitoring, and cloud operations support.

BESPIN was not created to support specific DoD programs, and functions more reactively to support warfighters as needed. BESPIN also manages the Air Force Mobile Center of Excellence.

A 2022 RAND report claims Bespin had about 346 personnel at the time. There were 16 officers, 56 enlisted, 23 civilians, and 251 contractors.

Learn More

Joint Base San Antonio-Lackland, TX / AFLCMC Cryptologic and Cyber Systems Division

Black Label is a software factory founded in 2020 that specializes in supporting offensive cyber and information warfare capabilities for the 16th Air Force (AFCYBER). It is directly partnered with the 90th Cyberspace Operations Squadron.

Black Label received an award from Platform One in 2021 worth $300K to support its operations.

Black Label has worked closely with Omni Federal, GDIT, Clarity, TDMK, and Centech.

Learn More

Warner Robins Air Logistics Complex, GA / 402nd Software Engineering Group (SWEG)

Blue Sky was established in 2019 by the 402nd Software Engineering Group (SWEG) as a Platform One node alongside SkiCAMP and Thunder CAMP. It was founded in partnership with Mercer University in downtown Macon, GA.

According to a RAND report the software factory helped “both new and legacy software development teams leverage Platform One services and provide consulting on adopting more-modern DevSecOps approaches to software development.”

As of 2020, Blue Sky has 60 civilian personnel making it the larger in personnel size than both the other software factories it was established alongside.

Note: This software factory may be defunct. The last reference to Blue Sky that could be found was in 2022. Blue Sky is no longer listed on the USAF’s software factory website.

Learn More

Scott AFB, IL / Air Mobility Command

Conjure, created by the 375th Communications Support Squadron, was recognized as an official software factory in September 2020. The software factory focuses on global mobility communication security (COMSEC) and Air Mobility Command/Air Combat Command mission planning systems.

Conjure has previously partnered with both Kessel Run and Platform One on multiple projects.

Learn More

Morris ANG Base, AZ / Air National Guard Air Force Reserve Command Test Center (AATC)

Corsair Ranch established in 2019, supports the Air Reserve Component (ARC) through ARCWERX, their version of AFWERX. Corsair Ranch works on multiple weapon systems and helps work with flight testing.

The software factory hosts annual hackathons to test the integrity of their software.

A 2022 RAND report claimed Corsair Ranch had about 15 personnel at the time. There were 2 officers, 6 enlisted, and 7 contractors.

Learn More

Wright-Patterson AFB, OH / Air Force Research Laboratory Materials & Manufacturing Directorate (AFRL/RX)

Hangar 18 was established in September 2021 by the Air Force Research Laboratory. They focus primarily on support for modeling, digital engineering, and digital transformation.

Hangar 18 is involved closely with AFRL’s Off-Board Sensing Station (OBSS) program within the Autonomous Collaborative Platforms program. The program is focused on producing low-cost attributable aircraft and unmanned aerial systems. General Atomics and Kratos have been awarded contracts within this program.

Learn More

Hanscom AFB, MA / AFLMC Digital Directorate

Kessel Run was the first software factory established by the DoD, having been founded by the Defense Innovation Unit (DIU) in 2017. Kessel Run focuses on modernizing command & control systems.

Kessel Run is divided into three branches: Operational C2, Wing C2, and All-Domain Common Platform. Kessel Run serves as a program office for multiple programs of record.

Kessel Run has been closely aligned with the DoD’s Combined Joint All Domain Command and Control (CJADC2) initiative. The software factory’s SlapShot task management software was used to organize the Afghan withdrawal.

They have also worked closely on code for the Air Operations Center (AOC), F-35 Joint Strike Fighter, and the Advanced Battle Management System (ABMS).

A 2022 RAND report claimed Kessel Run had 1,179 personnel at the time. There were 82 officers, 21 enlisted, 213 civilians, and 863 contractors.

Learn More

Los Angeles AFB, CA / United States Space Command (USSPACECOM)

Kobayashi Maru, created in 2018, was the second software factory established by the Air Force. It’s goal is modernizing Space Domain Awareness (SDA) and works closely with the Combined Space Operations Center (CSpOC), 18th Space Control Squadron (SPCS), and the National Space Defense Center (NSDC). It now is a part of the U.S. Space Force.

Kobayashi Maru also has a software portfolio that includes Space Defense, Space Tasking Cycle, Electronic Warfare, Delta Status and Reporting and Defensive Cyber Operations - Space (DCO-S).

Kobayashi Maru’s original software package was developed by Palantir.

A 2022 RAND report claimed Kobayashi Maru had 230 personnel at the time. There were 20-25 officers, 5 civilians, and about 200 contractors.

Learn More

Joint Base San Antonio-Lackland, TX / Unified Platform (UP) Program Management Office (PMO)

LevelUp was founded in December 2019 and works closely with the Platform One team. It focuses mainly on defensive cyber operations.

LevelUp supports USCYBERCOM and its cyber service components. Ten companies were awarded contracts to partner with LevelUp under the LevelUp Cloud Services Basic Ordering Agreement (BOA), including Carahsoft.

A 2022 RAND report claims that LevelUp had 132 personnel at the time. There were 9 officers, 22 civilians, and 101 contractors.

Learn More

Rome, NY / DAF Cloudworks

ODIN is run by DAF Cloudworks and is the Secret/Top Secret version of Platform One.

As of December 2022, ODIN had 110 tenants, 2,402 unique users, and 403 total Gitlab projects.

The next steps for protecting the DevSecOps layer are partnering with the National Air and Space Intelligence Center (NASIC) to deploy Identity, Credential, and Access Management (ICAM) Zero Trust Architecture and enabling the Cloud Cyber Defense Service of Common Concern (SOCC).

It is an ever-evolving platform, if an agency has the funding to deploy a capability on ODIN, the team behind it will do it.

Learn More

San Antonio, TX / Program Executive Office Command, Control, Communications, Intelligence, and Networks (PEO-C3I&N)

Platform One is a cloud-based DevSecOps environment that hosts continuous integration/continuous development (CI/CD) pipelines and Kubernetes services.

Platform One was created in January 2020 and originally developed by Booz Allen Hamilton. Platform One runs three basic ordering agreements (BOAs) for cloud services, DevSecOps pipelines and platform integration, and software DevSecOps services.

Platform One uses 5 resellers to help distribute its products: Accenture, Booz Allen Hamilton, BrainGu, RevaComm, and Seed Innovations.

A 2022 RAND report claimed that Platform One had 208 personnel at the time. There were 5 officers, 3 civilians, and about 200 contractors.

Learn More

Warner-Robins AFB, GA / 402nd Software Engineering Group (SWEG)

Project Synergy was established by the 402nd SWEG in March 2021. The software factory focuses on “an application that sits between the host computer and terminal radio of a B-1 or B-52 bomber platform.”

Project Synergy's facility will host 150 members of the 580th Software Engineering Squadron alongside an additional 250 positions.

Project Synergy also places an emphasis on growing the software engineering workforce by offering internships and classes for students.

Learn More

Joint Base Langley-Eustis, VA / DGS-1

Red Five was formerly known as the DGS-1 Software Development Team and was supported by the 10 IS, 497th ISRG, 480th ISRW. The software factory appears to be focused primarily on geospatial intelligence (GEOINT) products.

Their existing GitHub states that their software applications are hosted by the National Geospatial-Intelligence Agency (NGA).

Note: This software factory may be defunct. The last reference to Red Five that could be found was in 2022. Red Five is no longer listed on the USAF’s software factory website. Red Five’s GitHub repositories are labeled as current as of 2020 but were last updated in 2022.

Learn More

Offutt AFB, NE / Combatant Command C2 (AFLCMC/HBC)

Rogue Blue was founded in May 2021 with support from Lockheed Martin and is located within PEO Digital’s Combatant Command C2 program office. Rogue Blue directly supports U.S. Strategic Command (USSTRATCOM). The Air Force’s software factory website specifically states that Rogue Blue is not working on programs of record (POR) for USSTRATCOM.

The software factory is mainly focused on Nuclear Command and Control (NC2) efforts. Rogue Blue also provides some support to the Joint Staff, White House Military Office, and U.S. European Command (USEUCOM).

Learn More

Oklahoma City, OK / 552nd Air Control Network Squadron

Scorpion Camp was created in October 2021 when the 552nd Air Control Network Squadron’s Development, Security and Operations Flight was designated as a software factory.

Scorpion Camp develops software for Airborne Warning and Control Systems (AWACS). It also works on software designed to “detect, defend, and deter cyber threats across high-value weapons systems.”

Learn More

San Antonio, TX / 90th Cyber Operations Squadron

Shadow's Edge is a sub-unit of the 318 Cyberspace Operations Group, 67th Cyberspace Wing, 16th Air Force at JBSA-Lackland, Texas. 

Shadow's Edge is an off-base software development unit that was founded in 2021. Its capabilities encompass offensive and defensive development to support USCYBERCOM, Cyberspace, and specific Air Force missions. 

Learn More

Hill AFB, UT / 309th Software Engineering Group (SWEG)

SkiCAMP was established in 2019 in Ogden, UT by the 309th SWEG. SkiCAMP is a “Platform One node.” SkiCAMP originated as SoniKube and focused on running Kubernetes on the F-16.

A 2022 RAND report claimed SkiCAMP had 13 civilian personnel at the time of the report.

Note: This software factory may be defunct. The last reference to SkiCAMP that could be found was in 2021. SkiCAMP is no longer listed on the USAF’s software factory website.

Learn More

Colorado Springs, CO / Air Force Research Laboratory (AFRL)

SpaceCAMP was established by the AFRL in 2019. SpaceCAMP serves Space Operations Command (SpOC), Space Systems Command (SSC), U.S. Space Command (USSPACECOM), and the U.S. Space Force Deltas.

A 2022 RAND report claimed SpaceCAMP had 37 personnel at the time. There were 4 officers, 3 civilians, and about 30 contractors.

Learn More

Barksdale Air Force Base, LA / Air Force Life Cycle Management Center’s (AFLCMC) B-2 Weapons Systems Support Center

Spirit Realm was stood up in late 2022 to support the B-2 Spirit Stealth Bomber. The software factory was built out in a partnership with Northrop Grumman.

Spirit Realm is estimated to have helped save $18M in annual flight test costs for the B-2.

Spirit Realm supports the B-2 Software Maintenance and Innovation Team within AFLCMC’s< B-2 System Program Office.

Learn More

Washington, DC / Deputy Chief of Staff for Logistics, Engineering, and Force Protection

Tesseract was stood up in 2020 by the Deputy Chief of Staff for Logistics, Engineering, and Force Protection. Tesseract focuses primarily on “accelerating combat-focused logistics innovation.”

Tesseract encourages industry partners to support the software factory through the VISION Company Connector Directory.

Learn More

Tinker AFB, OK / 76th Software Engineering Group

Thunder CAMP was established in 2019 by the 76th Software Engineering Group (SWEG) alongside SkiCAMP and BlueSky.

>The AFSC Software Directorate states that Thunder CAMP established the Crucible platform in 2019. The Crucible platforms are designed to meet the needs of embedded weapon system software development, including interfacing with System Integration Labs (SILs) for Hardware in the Loop (HitL) testing.

Note: This software factory may be defunct. The latest reference to Thunder CAMP was in 2022. It is no longer listed on the Air Force’s software factory website.

Learn More

Oahu, HI / 15th Wing, Pacific Air Forces

Tron was established in 2018 as part of the Air Force’s 15th Wing. TRON doesn’t specialize in any particular area, but had created a wide variety of tools from COVID-19 screening to water crisis response.

A 2022 RAND report claimed TRON had 24 personnel at the time. There was 1 officer, 3 enlisted, and about 20 contractors.

Learn More

San Antonio, TX / 850th Spectrum Warfare Group

Wavelength was stood up by the 850th Spectrum Warfare Group in 2022. The 850th Spectrum Warfare Group is part of the 350th Spectrum Warfare Wing. Wavelength is meant to be a “digitally native” organization.

Wavelength focuses on software-defined solutions for electronic warfare (EW).

Learn More

Arlington, VA / Deputy Assistant Secretary of the Navy for Information Warfare and Enterprise Services (DASN IWAR)

Black Pearl was launched in 2021 out of the Navy’s Chief Technology Office (CTO). Black Pearl functions similarly to the Air Force’s Platform One.

Black Pearl has worked closely on projects to support the F-18 platform and the Minotaur system. It helps provide Infrastructure as code (IaC) and Configuration as code (CAC) as well as the ability to stand up high-fidelity testing infrastructure in development environments

Black Pearl is also able to stand up common environments at higher classification levels.

Learn More

NITC Port Hueneme, CA / Naval Facilities Engineering Systems Command (NAVFAC)

NAVFACtory was established by NAVFAC in 2020. It is a Cloud Platform as a Service (PaaS) based containerized (VM-less) architecture. It operates in an IL-4 environment and uses Microsoft Azure. The personnel at NAVFACtory are all navy civilians. The NAVFACtory DevSecOps environment provides: source control, artifact repository, static analysis, build automation, test automation, dynamic analysis, containerization, and deployment automation.

Learn More

Austin, TX / 6th Marine Regiment

MCSWF is a 3-year pilot program to demonstrate the feasibility of a Marine Corps software factory. It was established by the Deputy Commandant for Information in 2023.

The initial cohort has been selected from the Communications Occupational Field. The software factory has been focused on developing tactical business applications.

Learn More

San Diego, CA / Naval Information Warfare Center (NIWC) Pacific

Overmatch Software Armory (OSA) is a Navy DevSecOps Ecosystem that supports accelerated application development. It was established in 2021.

The OSA was originally built to support Navy’s contribution to the Combined Joint All Domain Command and Control (CJADC2) initiative called Project Overmatch.

The environment is comprised of OSA Tools, Agile Core Services, multiple Collaborative Staging Environments, and Application Arsenal.

Overmatch Software Armory has environments for IL-4, IL-5, and IL-6 impact levels.

Learn More

Dahlgren, VA / Naval Surface Warfare Center Dahlgren Division (NSWCDD)

Naval Surface Warfare Center Dahlgren Division (NSWCDD) stood up Storehouse Software Factory in 2022. It began transitioning from prototyping to scaling operations in 2023.

They use a unique 5-pillar approach including Sky Solutions, Software training, Software quality & agile metrics, software development policy, and “Backyard”, which is an app that hosts existing warfare system source code.

Storehouse uses the Sky Solutions platform for their DevSecOps operations. The Sky Solutions platform is a scalable Development, Security and Operations (DevSecOps) platform supporting software development internal and external to NSWCDD.

Learn More

Riverdale, MD / PEO Integrated Warfare Systems (IWS)

The Forge was established in 2021 by PEO Integrated Warfare Systems (IWS). The Forge uses Other Transaction Authorities (OTAs) and is supported by the Consortium Management Group (CMG).

The Forge first began working to updates software for Aegis weapon systems on ships at sea. The Forge works heavily with digital engineering and digital twin technologies.

Learn More

Space Development Agency (SDA)

The Space Development Agency (SDA) began the build out of a Battle Management, Command, Control, and Communications (BMC3) application factory in 2023. BMC3 will deliver DevSecOps solutions to low-earth orbit (LEO) satellites.

SAIC won a $64M award through Other Transaction Authority (OTA) in June 2023 to help build the software factory for the SDA.

The software factory also supports the Proliferated Warfighter Space Architecture (PWSA) which is an important component of Combined Joint All Domain Command and Control (CJADC2).

Learn More

Stafford, VA

The Nebula Software Factory is an industry-based program, founded in 2022, that aims to become the birthplace of DoD software factories. It is an organization that came out of the Quantico Cyber Hub as a partnership between the Cyber Bytes Foundation and Chenega Applied Solutions’ Modernization as a Service (MaaS).

Nebula’s objective is to provide fledgling software groups within the DoD and USG industry leading tools and capabilities to jumpstart their software capability.

Learn More

Scott AFB, IL / U.S. Transportation Command (USTRANSCOM)

TCODE is a software factory for USTRANSCOM’s PEO-T. USTRANSCOM’s procurement forecast is recompeting support for TCODE with an estimated value of $25M to $50M. The current incumbent is RAFT, LLC.

TCODE is currently hosted in CloudOne’s AWS GovCloud and implementing PlatformOne’s services such as Big Bang, Iron Bank, and Cloud Native Access Point as a Service (CNAPaaS).

Learn More

Fort Meade, MD / Hosting and Compute Center (HACC)

Vulcan was launched in 2022 by DISA’s Hosting and Compute Center (HACC). Vulcan is currently offering open-source tools through GitLab, but has received an IL-5 accreditation by DISA’s Risk Management Executive (RME).

DISA found it is cost prohibitive for DoD software development teams to deploy and maintain their own SaaS tools at IL-5. The most cost-effective tool would be to have a SaaS tool directly from cloud service providers (CSPs), but there is nothing available at IL-4 and IL-5.

Vulcan is not a platform akin to Platform One, rather it is a straight SaaS DevSecOps play. Vulcan is not hosting development, test, staging, production, data, etc.

The DoD quietly rolled out git.mil, which had 2400 users as of late 2022 and is adding about 200 users a month. Vulcan is being built out using infrastructure as code.

Funding for Vulcan moved to the Defense Working Capital Fund in FY24.

Learn More

General Services Administration (GSA)

18F is a digital services agency within the Technology Transformation Services (TTS) department at the General Services Administration (GSA).

They help other government agencies modernize software development processes, improve public-facing services like websites or applications, and digitize and streamline internal systems.

Since their establishment in 2014, they’ve worked with over 35 different government agencies on numerous projects to improve user experience.

Learn More

U.S. Patent and Trademark Office

In 2018, the agency experienced a major outage on their Legacy Patent Application Locating and Monitoring system, which lasted 11 days. They got rid of program management office and turned them into integrated product teams that used an agile development process

They successfully supplanted a major application in a time period never done before (4 months), using DevSecOps and the software factory model.

Their Trademark product line has 4 different software vendors and 6 different integrated software product teams that compete with one another. With this new development model, they’ve increased their capacity to modernize legacy applications and systems in a secure and efficient manner.

Learn More

U.S. Department of Veteran’s Affairs

VA Platform One (VAPO) runs in the cloud and is VA’s recommended containerization solution.

With containerization, the code for an application, along with its files and libraries, are bundled together in a single software package that allows it to run on any device or operating system (OS). The containers share a common operating system, making them more efficient than the traditional solution, i.e., running applications in virtual machines, each with its own instance of an OS.

Currently, VAPO has eight applications in production, along with others on specialized platforms.

Learn More

Phoenix, AZ

Arizona State University has a software factory capstone project where student teams work through concurrent product and service offering lifecycles in a project context. It covers concepts including opportunity assessment, risk management, technology evaluation, licensing models, resource planning, delivery models such as hosted, turnkey, and Software as a Service (SaaS), technology acquisition, outsourcing, governance, quality assurance, software certification, and continuous process improvement.

It helps fulfil three different student needs:

• Professional development for students
• Software development for sponsored projects
• A setting for comprehensive research on human/organizational factors in software development

Learn More

Tucson, AZ

The University of Arizona’s College of Engineering created a software factory project in 2021.

This team designed, built and tested a cloud-based platform, commonly referred to as a software factory, to help students in the college’s software engineering degree program gain these experiences.

Note: This software factory may be defunct. The last reference that could be found of it was in 2022.

Learn More

Austin, TX

In 2020, Army Futures Command selected Austin Community College District as home for their new Soldier-Led Software Factory, according to this article.

The Software Factory opened at ACC’s Rio Grande Campus in Spring 2021. It builds on the college’s Computer Science and Information Technology programs. The curriculum is developed in partnership between Austin Community College District and Futures Command leadership, with support from invited global software development companies. ACC and the U.S. Army are partners in the AFC Software Factory.

The state-of-the-art factory works to change how real-life technology problems are solved in the future. Soldiers and ACC students at the Software Factory are technical advisors to Army units and organizations. The training program is among the first of its kind to upskill hidden tech talent within the military. It features specialized courses to train students and Soldiers in three tracks, agile software development, platform engineering, and product management and design.

Note: This software factory is a joint project with Army Futures Command.

Learn More

Bozeman, MT

Montana State University’s software factory was established in January 2015. The idea for a software factory in Montana grew from a collaboration with Dr. Jurgen Munch at the University of Helsinki.

The Software Factory focuses on developing software in modern development environments, with the capability to deliver concrete products in collaboration with public, non-profit, and private sector companies. It is a platform that provides the necessary processes and environment to deliver real products. It is about learning, sharing and growing entrepreneurial ideas that span the causal chain −from inception< to deployment.

Learn More

Bowling Green, OH

At BGSU’s Agile Software Factory (ASF), students develop, program and build software systems for mobile, web and desktop applications. Created in 2008, Agile Software has employed dozens of student programmers from the computer science department who work on projects for community and university partners.

“This is a real software shop—we run this like a business,” said Dr. Rob Green, assistant professor of computer science and a former director of ASF. “The students use real software development methodologies and professional-grade tools. Without fail, this experience on their resumes makes it much easier for them to get noticed by potential employers.”

Note: This software factory may be defunct. The last reference that could be found of it was in 2017.

Learn More