Stay Informed

Frequently Asked Questions

What is the Forge.mil Program?

Forge.mil is a DISA-led activity designed to improve the ability of the U.S. Department of Defense to rapidly deliver dependable software, services and systems in support of net-centric operations and warfare. Forge.mil will:

  • Enable cross-program sharing of software, system components, and services
  • Promote early and continuous collaboration among all stakeholders (e.g., developers, material providers, testers, operators, and users) throughout the development life-cycle
  • Facilitate the resolution of issues and challenges by connecting users, team members, program and community leaders, and subject matter experts making a difference in Information Technology Acquisition
  • Allow users to share knowledge, experience, and lessons learned on how to improve and accelerate software development and deployment
  • Rapidly deliver effective and efficient development and test capabilities for DoD technology development efforts
  • Help protect the operational environment from potentially harmful systems and services
  • Encourage modularity so that large programs to be developed, fielded, and operated as a set of independent components that can evolve and mature at their own rates
  • Eliminate duplicative testing and improve dependability by adopting common test and evaluation criteria supported by standard testing tools and methods

The Forge.mil family of services consists of SoftwareForge and ProjectForge. SoftwareForge is a fee-for-service capability available on both the NIPRNet and SIPRNet. ProjectForge is a fee-for-service capability currently available on the NIPRNet only for unclassified use.

Read the Cloud-based ALM for Application Development, Collaboration and Source Control .
Read the Forge.mil Case Study (.pdf) .

What is SoftwareForge?

SoftwareForge enables the collaborative development and distribution of open source software and DoD community source software. For open source and community source development projects within the DoD, SoftwareForge provides software development tools such as software version control, bug tracking, requirements management, and release packaging along with collaboration tools such as wikis, discussion forums, and document repositories to enable collaborative development amongst distributed developers. SoftwareForge is currently built on the open source Subversion version control system and CollabNet TeamForge application life cycle management tool.

To browse, join and collaborate on DoD community source and internal open source software projects, visit SoftwareForge. A valid DoD Common Access Card (CAC) OR approved external PKI certificate with a DoD government sponsor registered with Forge.mil is required for access.

The cost for SoftwareForge is $620.23 a month per project.
Cost includes storage, service desk support, basic project administrator on-boarding, platform maintenance and security.

What is ProjectForge?

ProjectForge provides the same application life cycle management tools to DoD projects and programs as SoftwareForge, but for programs and/or projects that are not doing DoD community source development and/or need to restrict access to specific project members. As with SoftwareForge, ProjectForge is a fee-for-service capability.

ProjectForge is hosted as a multi-tenant application meaning that the application infrastructure (servers and mass storage) are shared by multiple projects and users. Although the infrastructure is shared, visibility and access to the information contained in each project is protected and controlled strictly by the project owner.

To accommodate requests from the community for project space for smaller software development teams, ProjectForge now has two additional offerings for teams of up to 10 or 25 users. The cost for ProjectForge is as follows:

  • 26-100 Users - $15,526.78/month
  • 11-25 Users - $3,881.70/month
  • 10 Users - $1,552.68/month

Cost includes up to 10 GB of storage, service desk support, basic project administrator on-boarding, platform maintenance and security. Additional training and support is available at an additional cost.

If you need additional storage, training, support, or a different license/user package than those offered above, please contact the Forge.mil Business Office at businessoffice@forge.mil for a quote.

Note: A user is a project member. If you purchase a 10-user package, you can have 10 project members in a single project or up to 10 unique users over multiple projects.

To browse and download available software, report bugs, or contribute change requests, visit ProjectForge. A valid DoD Common Access Card (CAC) OR approved external PKI certificate with a DoD government sponsor registered with Forge.mil is required for access.

Read the ProjectForge Information Data Sheet .

What is the difference between SoftwareForge and ProjectForge?

SoftwareForge and ProjectForge use the exact same tool suite (CollabNet TeamForge). The main difference lies in the mission of each site, and how the default project permissions are configured. SoftwareForge is functionally equivalent to http://sourceforge.net (the Open Source software sharing site), except that it is within the DoD firewall, and only accessible to authorized DoD users with a CAC card or approved external PKI certificate holders. The default project permissions are locked to 'open' for view access - any authorized site user can view any project on the site. Write permission to each project is controlled via roles that project administrators can assign.

SoftwareForge is intended to promote cross-team and cross-service collaboration. Projects that can operate within these parameters are welcome to host projects for a lower fee than ProjectForge.

ProjectForge, by contrast, is designed for those teams who want to utilize the TeamForge tools with more restrictive view and write permissions. The default permissions on this site are set to private, and project admins have the ability to customize the access controls for their projects based on their needs. ProjectForge is a completely separate instance of the tool suite.

The decision on whether to host a project on SoftwareForge vs. ProjectForge comes down to whether you are willing/able to operate in a 'DoD-internal/public' environment where your project is viewable by authorized DoD CAC and approved external PKI certificate holders (SoftwareForge), or you require 'closed' collaboration with tighter view/write access (ProjectForge).

What capabilities are available in the system?

DISA has adopted the CollabNet platform for distributed application life-cycle management (ALM) as a core technology powering Forge.mil. It delivers a suite of integrated tools for project and idea collaboration. These tools enable DoD developers and partners to adopt collaborative best practices, reuse code assets, and have transparency across the entire development process and include the following capabilities:

  • Source code and configuration management
  • Track defects, requirements, and feature requests
  • Task hierarchy and alert mechanism
  • Collect, archive, and release packages
  • Real-time reports on tasks and trackers
  • Discussion Forums
  • Project-based Wiki
  • Document Management

The system also allows for the easy association of artifact data within each of these individual tools. For example, you can associate a particular tracker artifact (defect) with a particular code checkin in the source control system (open source Subversion version control system). More examples and an overview of the toolset can be found at http://www.collab.net/products/teamforge.

What are the guidelines for participating?

Participation guidelines will vary depending on which Forge.mil capability (SoftwareForge or ProjectForge) a user or project is utilizing. SoftwareForge is a collaborative development environment for the DoD that is modeled on popular Internet-based open source software development sites. This system will host development projects that provide opportunity for reuse and common code maintenance. The only license categories allowed for such projects are DoD community source, and certain Open Source licenses. All aspects of the project will be publicly viewable, but write permission to each project is controlled via roles that project administrators can assign.

Projects on SoftwareForge will be required to maintain 'public' view access, and will be encouraged to allow contributions from all interested parties. The goal of the site is to encourage collaboration around development and maintenance activities of these projects. This should naturally lead to more individuals becoming 'authorized committers' after they have shown they have valuable contributions to make.

For a more detailed description of the 'authorized committer' model, please see the information available on the Producing Open Source Software site.

How can I get access to Forge.mil (CAC users)?

Forge.mil is available to U.S. military, DoD government civilians and DoD contractors for Government authorized use. Access to Forge.mil requires a valid DoD Common Access Card (CAC) OR an external PKI certificate issued by an accepted Federal Government Agency, Industry Partner or a DoD-approved External Certificate Authority (ECA) with DoD government sponsor registered with Forge.mil.

To Gain Access Using a DoD CAC:

Step 1: Follow the instructions at PKI-PKE Getting Started .

  • If using a CAC, you must have ActivClient 6.2 or higher installed. To install on a government issued computer, please contact your local help desk.
  • Forge.mil users can use a variety of browsers to view and work in SoftwareForge and ProjectForge to include Internet Explorer, Firefox, Chrome, Safari and Opera. Additional configurations to make your certificates available in your browser and allow your browser to recognize and communicate with your CAC may be required. See the PKI-PKE Getting Started page for more information.

Step 2: Once you have completed Step 1 above, verify you can get to other PKI sites.

Step 3: Create a Forge.mil Account.

  • To create an account, go to SoftwareForge (requires a valid DoD CAC or external PKI Certificate). On the left hand side under "New Users", click on 'Create an Account'. Your account is active once your email address is confirmed.

Having trouble accessing Forge.mil capabilities? See FAQ 'I am unable to access SoftwareForge or ProjectForge, what troubleshooting steps can I take?' for troubleshooting instructions.

Once you create an account, you can access the following capabilities:

SoftwareForge – Browse, join and collaborate on DoD community source and internal open source software projects (fee-for-service).

ProjectForge – Browse for ‘DoD public’ content made accessible within private projects. Browse and download software, report bugs, or contribute change requests or request your own private project space (fee-for-service).

How can I get access to Forge.mil (PKI credentials issued by an accepted Federal Government agency or industry partner)?

Forge.mil is available to U.S. military, DoD government civilians and DoD contractors for Government authorized use. Access to Forge.mil requires a valid DoD Common Access Card (CAC) OR an external PKI certificate issued by an accepted Federal Government Agency, Industry Partner or a DoD-approved External Certificate Authority (ECA).

If using an external PKI certificate, you must have a DoD government sponsor who is registered in Forge in order to create a Forge.mil account. Government sponsors must register with their DoD CAC by following the Forge.mil Access Instructions for DoD CAC Users. Once your account request is received, your DoD government sponsor will receive an email requesting verification of your need for access.

Organizations that issue certificates interoperable with DoD PKI can be accepted once integrated with Forge.mil.

To Gain Access Using a PKI Certificate Issued by an Accepted Federal Government Agency or Industry Partner:

Step 1: Do you have a valid PKI certificate that is accepted by Forge.mil?

Step 2: Download and install Root and Intermediate CA certificates.

  • Run the Windows installer, InstallRoot. For the most current version of InstallRoot, see the third step on http://iase.disa.mil/pki-pke/getting_started/windows.html. These DoD root certificates are required for all PKI types (CAC, ECA and other external PKI).
  • If you are running Mac OS or Linux, see the PKI-PKE Getting Started site for instructions on how installing and configuring CA certificates.

Step 3: Verify you can get to other PKI enabled sites.

  • PKI issued by other Federal Government Agencies and Industry Partners should be able to access their agency/company intranet. Contact your local help desk if you are unable to access these sites.

Step 4: Create a Forge.mil Account.

  • Go to SoftwareForge, select your certificate, and register for an account ('Create an Account' link under 'New Users' on the left side). You will be required to search for and select a DoD government sponsor who is registered in Forge. Government sponsors must register with their DoD CAC by following the Forge.mil Access Instructions for DoD CAC Users. Once your email address is confirmed and your need for access is verified by your DoD government sponsor, your Forge account will become active.

Once you create an account, you can access the following capabilities:

SoftwareForge – Browse, join and collaborate on DoD community source and internal open source software projects for free.

ProjectForge – Browse for ‘DoD public’ content made accessible within private projects. Browse and download software, report bugs, or contribute change requests or request your own private project space (fee for service).

How can I get access to Forge.mil (ECA Certificate users)?

Forge.mil is available to U.S. military, DoD government civilians and DoD contractors for Government authorized use. Access to Forge.mil requires a valid DoD Common Access Card (CAC) OR an external PKI certificate issued by an accepted Federal Government Agency, Industry Partner or a DoD-approved External Certificate Authority (ECA). If you have an ECA certificate (or need to acquire an ECA certificate), follow the instructions below to obtain and install an ECA Certificate.

If using an external PKI certificate, you must have a DoD government sponsor who is registered in Forge in order to create a Forge.mil account. Government sponsors must register with their DoD CAC by following the Forge.mil Access Instructions for DoD CAC Users. Once your account request is received, your DoD government sponsor will receive an email requesting verification of your need for access. Your account is active once your sponsor approves the account. ECA Certificates are obtained directly from the approved vendors. You may purchase an ECA Certificate from:

To gain access using an ECA Certificate, use the following steps:

Step 1: Obtain an ECA certificate from one of the sites above. Users should purchase either:

  • Medium Assurance/Medium Assurance Identity and Encryption Certificates. These are 'soft' certificates that you can store on your computer. Ideal for users working from their own dedicated machine (other users do not have access to your computer). Once purchased, you will download these certificates directly to that computer.

- OR -

  • Medium Token Assurance/Medium Token Assurance Identity and Encryption Certificates. These are certificates stored on a smart card or USB token. You will need to purchase the hardware from the provider. Ideal for users without a dedicated computer since the certificates are stored on a token and portable.

Step 2: Once you have obtained an ECA certificate, install it using these instructions.

Step 3: Download and install the Root CA certificates.

Step 4: Verify you can get to other PKI sites.

Step 5: Create a Forge.mil Account

  • Go to SoftwareForge, select your certificate, and register for an account ('Create an Account' link under 'New Users' on the left side). You will be required to search for and select a DoD government sponsor who is registered in Forge. Government sponsors must register with their DoD CAC by following the Forge.mil Access Instructions for DoD CAC Users. Once your email address is confirmed and your need for access is verified by your DoD government sponsor, your Forge account will become active.

Having trouble accessing Forge.mil capabilities? See FAQ 'I am unable to access SoftwareForge or ProjectForge, what troubleshooting steps can I take?' for troubleshooting instructions.

Once you create an account, you can access the following capabilities:

SoftwareForge - Browse, join and collaborate on DoD community source and internal open source software projects (fee-for-service).

ProjectForge - Browse for ‘DoD public’ content made accessible within private projects. Browse and download software, report bugs, or contribute change requests or request your own private project space (fee-for-service).

Is there a Forge.mil site on SIPRNET?

Yes, the url for the Forge SIPR site is https://software.forge.smil.mil (this is a SIPRNET url that cannot be accessed via the NIPRNET)

Access

To access the Forge SIPR site, users must have a valid SIPR PKI software certificate or hardware token. As with SoftwareForge on the NIPRNET, any user holding a valid PKI certificate (in this case a valid SIPR PKI certificate/token) can view any project on the Forge SIPR site. These users constitute the 'authorized user' base. Access for all projects is locked 'open' to any authorized user.

ProjectForge on SIPR – Obtaining a Private Project

While the Forge SIPR site today is branded as SoftwareForge, users that need a private project on Forge SIPR (users looking for ProjectForge on SIPR) can contact the Forge Business Office at businessoffice@forge.mil to request a private project. As with the NIPRNET site, open access and privacy are fee-for-service offerings, open at a reduced rate. Organizations requiring projects on Forge SIPR will need to work with the Forge Business Office to determine the cost and to develop a support agreement.

How to obtain SIPR PKI Certificates/Tokens

Each Service/Agency has a separate Registration Authority Operations Office that will issue SIPR PKI certificates/tokens to their users. The process for requesting, delivering and issuing certificates/tokens is different across Services/Agencies. We highly recommend you contact your servicing Registration Authority or PKI Help Desk for information on how to obtain a SIPR PKI certificate/token.

To contact the Registration Authority or PKI Help Desk for your Service/Agency, see the Information Assurance Support Environment (IASE) Contact page at http://iase.disa.mil/pki-pke/Pages/contact.aspx.

WHAT DO I DO IF I HAVE A SECURITY INCIDENT (SPILLAGE) ON SOFTWAREFORGE OR PROJECTFORGE?

The highest classification allowed on the NIPRNet instances of SoftwareForge and ProjectForge is UNCLASSIFIED//FOUO. You may NOT post content that is designated as classified (i.e., Confidential, Secret, or Top Secret) on the NIPRNet instances of SoftwareForge and ProjectForge.

The highest classification allowed on the SIPRNet instance of Forge.mil is SECRET. You may NOT post content that is designated as TOP SECRET on the SIPRNet instance of Forge.mil.

If you need to report a security incident (spillage), please take the following actions:

  • Do NOT delete the file
  • Contact the Forge.mil team immediately at support@forge.mil AND the 24/7 Service Desk.
  • Contact your security manager per your local security policy
  • Provide the Forge.mil team and the Service desk with the following information:
    • Instance of Forge.mil impacted – SoftwareForge or ProjectForge
    • Name of project
    • Location of classified content - name of file or file ID

Per the Forge.mil Security Incident Standard Operation Procedure (SOP), the first action is to prevent any further spillage by immediately locking/isolating the project. Site Administrators will remove all users from the project and make the project private. Only Site Administrators will have access to investigate, delete the classified file and sanitize the environment and backups. Once the production environment and applicable backups are completely sanitized, an After Action Report (AAR) will be generated, reviewed and approved by all parties to include the project owner, the Forge.mil PMO, the Forge.mil engineering, cyber security, community, and operations teams and the hosting site support teams. Only then will project ownership be returned to the project users/admins.

WHERE CAN I GET MORE INFORMATION ABOUT MILCLOUD AND MILCLOUD ORCHESTRATION

See Additional Capabilities - milCloud for information.

Where do I go to download DoD/ECA Root and Intermediate Certificates?

In order for your machine to recognize your PKI certificates and DoD websites as trusted, you will need to run the InstallRoot utility to install the DoD CA certificates (Windows and Linux) or adjust trust settings (MAC) to resolve access issues. These DoD root certificates are required for all PKI types (CAC, ECA and other external PKI). To learn more, go to Information Assurance Support Environment – Getting Started.

CONFIGURE YOUR BROWSER TO OPERATE WITH YOUR CAC CERTIFICATES

Forge.mil users can use a variety of browsers to view and work in SoftwareForge and ProjectForge to include Internet Explorer, Firefox, Chrome, Safari and Opera. Additional configurations to make your certificates available in your browser and allow your browser to recognize and communicate with your CAC may be required. To learn more, go to Information Assurance Support Environment – Getting Started.

Why do I get a warning that there is a problem with this website's security certificate?

A certificate is a digital document providing the identity of a website or individual. The trustworthiness of any PKI certificate is only as good as the dependability and trustworthiness of the authority who issued the certificate. When you receive this error, your browser is warning you that the certificate, for the site you're attempting to access, has not been issued by an authority trusted by your browser. Web browsers come preloaded with a set of certificate authorities that the developer of the browser believes to be trustworthy. Unfortunately, the DoD PKI Certificate Authority (CA) is often not on this list.

The certificates that identify Forge.mil have been issued by the DoD CA. In order for your browser to recognize the DoD CA as a trustworthy certificate provider, you must have the DoD PKI Root Certificate installed in your browser. Once this root certificate is installed, your browser will recognize the DoD CA as a trusted authority and accept the Forge.mil PKI certificates without warnings.

Visit the following page to download the DoD/ECA Root Certificates: Information Assurance Support Environment – Getting Started..

I WAS RECENTLY ISSUED A NEW CAC, ECA OR PKI CERTIFICATE AND CAN NO LONGER ACCESS MY INFORMATION, WHAT DO I DO?

Please follow the steps below to map a new CAC, ECA or PKI certificate to an existing Forge.mil user account.

  • Ensure that your new CAC/ECA/PKI certificate has been loaded into your browser's trust store. Step-by-step instructions for installing ECA certificates are located here.
  • Ensure that the DoD intermediate and root certificates that were used to sign your personal certificate are loaded into your browser's trust store. If you are being redirected to the www.forge.mil page, you will need to re-run the InstallRoot utility located at Information Assurance Support Environment – Getting Started.
  • For smart-card based certificates, insert your card into the card reader.
  • Go to SoftwareForge
  • Click on the "Log In" button on the left hand side of the screen. You will be presented with a Forge.mil Account Registration Form.
  • Select the link – "Click here if you already have an account". The System will update the Forge.mil Account Registration Form.
  • Provide your Forge.mil user name (*required). If you do not remember your username, please contact support@forge.mil. Failure to use your existing username will result in the creation of a new account.
  • Submit request.
  • If you accidentally create a duplicate account, contact support@forge.mil so that we can remove the extra account.

The request may be approved in 24 hours or less.

Who do I contact to get more information?

You can obtain more information by emailing your request to: webmaster@forge.mil

I am unable to access SoftwareForge or ProjectForge, what troubleshooting steps can I take?

Forge.mil is available to U.S. military, DoD government civilians and DoD contractors for Government authorized use. Access to Forge.mil requires a valid DoD Common Access Card (CAC) OR an external PKI certificate issued by an accepted Federal Government Agency, Industry Partner or a DoD-approved External Certificate Authority (ECA).

If using an external PKI certificate, you must have a DoD government sponsor who is registered in Forge in order to create an account on the Forge.mil Community, SoftwareForge and ProjectForge. Government sponsors must register with their DoD CAC by following the Forge.mil Access Instructions for DoD CAC Users.

If you are having trouble registering for a Forge.mil account, follow these instructions BEFORE sending a support request .

To Gain Access Using a DoD CAC:

To Gain Access Using an ECA Purchased from an Approved Vendor:

To Gain Access Using a PKI Certificate Issued by an Accepted Federal Government Agency or Industry Partner:

Additional Troubleshooting Procedures

Common User Access Issues

  • Users receiving an 'Internet Explorer cannot display the webpage' error should run the Windows installer, InstallRoot.
  • Users being redirected to the www.forge.mil page when they hit the orange 'Register' should 1) ensure the PKI certificates are in the personal certificate store in the browser’s certificate manager and then 2) run the Windows installer, InstallRoot.
  • For the most current version of InstallRoot, see the third step on http://iase.disa.mil/pki-pke/getting_started/windows.html. These DoD root certificates are required for all PKI types (CAC, ECA and other external PKI). You do not need to be an administrator on your computer - there is an option to run this tool as a non-administrator.

Getting a CAC to Work on Fedora.

Get your CAC working on Fedora. This process assumes the use of Fedora, Firefox and libcoolkey.

Read Getting your CAC to Work on Fedora.

Note: This procedure will not work for Ubuntu.