New user? Join Now

Stay Informed

ECA Registration
PKI Information
Subversion Client Instructions
DoD Root & Intermediate Certs.
Firefox & Thunderbird Add-ons

Frequently Asked Questions

What is the Forge.mil Program?

Forge.mil is a DISA-led activity designed to improve the ability of the U.S. Department of Defense to rapidly deliver dependable software, services and systems in support of net-centric operations and warfare. Forge.mil will:

  • Enable cross-program sharing of software, system components, and services
  • Promote early and continuous collaboration among all stakeholders (e.g., developers, material providers, testers, operators, and users) throughout the development life-cycle
  • Facilitate the resolution of issues and challenges by connecting users, team members, program and community leaders, and subject matter experts making a difference in Information Technology Acquisition
  • Allow users to share knowledge, experience, and lessons learned on how to improve and accelerate software development and deployment
  • Rapidly deliver effective and efficient development and test capabilities for DoD technology development efforts
  • Help protect the operational environment from potentially harmful systems and services
  • Encourage modularity so that large programs to be developed, fielded, and operated as a set of independent components that can evolve and mature at their own rates
  • Eliminate duplicative testing and improve dependability by adopting common test and evaluation criteria supported by standard testing tools and methods

The Forge.mil family of services today consists of three offerings - SoftwareForge and ProjectForge and the Forge.mil Community. SoftwareForge is a free service available on both the NIPRNet and SIPRNet. ProjectForge is a fee for service capability currently available for unclassified use. The Forge.mil Community is a collaborative content and knowledge management site available on the NIPRNet and offered free.

Read the Forge.mil Brochure: Transforming the Way DoD Innovates IT.

What is the Forge.mil Community?

Forge.mil Community is a collaborative content and knowledge management site for Forge.mil users to connect and share information using social collaboration tools such as group blogs, discussions, wiki, documents and polls. While the project teams on SoftwareForge and ProjectForge are focused on their individual project or projects, the Forge.mil Community site provides teams/individuals working to solve similar problems and/or discuss similar challenges that transcend a single project or set of projects a means to self organize around these challenges to develop common solutions.

The Forge.mil Community site provides a 'social' collaboration layer to augment and integrate with the current capabilities in Forge.mil. Group associations with a project or a set of projects provides a more holistic view of software development activity and allows project teams and individuals to better connect, collaborate, share information and expand the discussions within a wider audience.

Forge.mil Community also provides a forum for teams, and individuals who are not necessarily working on the development of software but who have knowledge and experience to contribute and share with a wider community. Forge.mil Community allows for the formation of groups built around communities of interest, organizations, mission areas, or specific technologies as well as groups created around topics of interest to the Information Technology Acquisition Community such as Section 804 Compliance, general CAC/PKI information, Software Development Best Practices to include Agile, and contract strategies for the use of Forge.mil and Agile.

Advantages/Benefits of the Forge.mil Community

  • Connect with other Forge.mil users
  • Find Software and Projects
  • Discover and join sub-communities or Groups
  • Improve Collaboration
  • Share Ideas or find Ideas to act on
  • Share Knowledge, Experience and Lessons Learned
  • Find Answer and Solutions
  • Expand the Discussions and Cast a Wider Net to Find an Answer

As with other Forge.mil capabilities, the Forge.mil Community site is available to U.S. military, DoD government civilians and DoD contractors for Government authorized use. Access to Forge.mil requires a valid DoD Common Access Card (CAC) or a PKI certificate issued by a DoD approved External Certificate Authority (ECA) with government sponsor.

If you are already a Forge.mil registered user, your access to the Forge.mil Community site is automatic - no need to re-register.

What is SoftwareForge?

SoftwareForge enables the collaborative development and distribution of open source software and DoD community source software. For open source and community source development projects within the DoD, SoftwareForge provides software development tools such as software version control, bug tracking, requirements management, and release packaging along with collaboration tools such as wikis, discussion forums, and document repositories to enable collaborative development amongst distributed developers. SoftwareForge is currently built on the open source Subversion version control system and CollabNet TeamForge application life cycle management tool.

What is ProjectForge?

ProjectForge provides the same application life cycle management tools to DoD projects and programs as SoftwareForge, but for programs and/or projects that are not doing DoD community source development and/or need to restrict access to specific project members. While SoftwareForge comes free to valid users, ProjectForge is a fee for service capability. There are two ProjectForge offerings:

ProjectForge 'On Demand' is hosted as a multi-tenant application meaning that the application infrastructure (servers and mass storage) are shared by multiple projects and users. Although the infrastructure is shared, visibility and access to the information contained in each project is protected and controlled strictly by the project owner.

To accommodate requests from the community for project space for smaller software development teams, ProjectForge 'On Demand' now has two additional offerings for teams of up to 10 or 25 users.

  • Cost for ProjectForge 'On Demand'
    • 100 users for $60K/year
    • 25 users for $25K/year
    • 10 users for $15K/year
    • Cost includes up to 10GB of storage, service desk support, basic project administrator on-boarding, platform maintenance and security

    ProjectForge 'Private' provides the same capability as ProjectForge - On Demand, but with dedicated (single tenant), private resources, enhanced and more granular access control, and control over site branding (look and feel).

  • Cost for ProjectForge 'Private' is based on a number of variables to include:
  • Number of users,
  • Amount of mass storage, and
  • Additional training or support needed.
  • Cost of Support (infrastructure/hosting, service desk support, application administration, user on-boarding, COOP, platform maintenance and security)

The general rule for deciding between On Demand and Private is the number of users as well as control over the infrastructure. If 10, 25, or 100 users are enough, On Demand is your best bet.

Read the ProjectForge Information Data Sheet.

What is the difference between SoftwareForge and ProjectForge?

SoftwareForge and ProjectForge use the exact same tool suite (CollabNet TeamForge). The main difference lies in the mission of each site, and how the default project permissions are configured. SoftwareForge is functionally equivalent to http://sourceforge.net (the Open Source software sharing site), except that it is within the DoD firewall, and only accessible to authorized DoD users with a CAC card or ECA certificate. The default project permissions are locked to 'open' for view access - any authorized site user can view any project on the site. Write permission to each project is controlled via roles that project administrators can assign.

SoftwareForge is intended to promote cross-team and cross-service collaboration, and projects that can operate within these parameters are welcome to host projects free of charge on the site.

ProjectForge, by contrast, is designed for those teams who want to utilize the TeamForge tools with more restrictive view and write permissions. The default permissions on this site are set to private, and project admins have the ability to customize the access controls for their projects based on their needs. ProjectForge is a completely separate instance of the tool suite, and is a fee-for-service offering.

The decision on whether to host a project on SoftwareForge vs. ProjectForge comes down to whether you are willing/able to operate in a 'DoD-internal/public' environment where your project is viewable by authorized DoD CAC and ECA certificate holders (SoftwareForge), or you require 'closed' collaboration with tighter view/write access (ProjectForge).

Project versus Group - How do I decide whether to request a project or to create a group?

When determining whether to request project space on SoftwareForge or ProjectForge and/or to create a group on the Forge.mil Community site, consider the goals and objectives of your team.

Consider using Forge.mil Community if:

  • You are not developing software but need a collaborative space for stakeholders to discuss issues and share content
  • You have a single project on SoftwareForge and want to expand on the capabilities of that project by adding features like activity streams (group, project and user), calendar and event management, polls and group idea forums
  • You have a number of related projects on SoftwareForge you want to 'group' together and be able to discuss, publish documents, collaborate on wikis

Consider using SoftwareForge if:

  • You are developing and distributing open source software and DoD community source software
  • You need a tracker capability to manage requirements, change requests, and issues

Consider using ProjectForge if:

  • You need greater control over view and write access to project content
  • You don't have the intellectual property rights necessary to share your software with the entire DoD community
  • You want greater control over the core platform functionality such as site branding, project specific templates, custom extensions, product configuration (ProjectForge Private instances only, not available with ProjectForge On Demand)

See the FAQ on 'What is the difference between SoftwareForge and ProjectForge' for more information on factors to in considering SoftwareForge or ProjectForge for software development. For more information, contact community@forge.mil.

What capabilities are available in the system?

DISA has adopted the CollabNet platform for distributed application life-cycle management (ALM) as a core technology powering Forge.mil. It delivers a suite of integrated tools for project and idea collaboration. These tools enable DoD developers and partners to adopt collaborative best practices, reuse code assets, and have transparency across the entire development process and include the following capabilities:

  • Source code and configuration management
  • Track defects, requirements, and feature requests
  • Task hierarchy and alert mechanism
  • Collect, archive, and release packages
  • Real-time reports on tasks and trackers
  • Discussion Forums
  • Project-based Wiki
  • Document Management

The system also allows for the easy association of artifact data within each of these individual tools. For example, you can associate a particular tracker artifact (defect) with a particular code checkin in the source control system (open source Subversion version control system). More examples and an overview of the toolset can be found in the CollabNet TeamForge Video Overview.

What capabilities are available in the Forge.mil Community?

DISA developed the Forge.mil Community layer using one of the leading open source content management systems, Drupal. It provides a set of social collaboration tools to enable the Forge.mil user community to connect with and follow the activity of other users, self organize within sub-communities or groups, and discover shared software to download and reuse. These tools allow teams and individuals to share, manage and exchange content, knowledge and information in a more 'social' environment and include the following capabilities:

  • Project Activity Streams (from your projects and group related projects)
  • Open and Moderated Groups
  • Blogs and micro-blogs
  • Document Management
  • Group-based collaborative Wiki
  • Threaded discussions
  • Idea forums with vote-up/vote-down
  • Group Calendar and Event Management
  • Group and 'Public' Notices and Announcements
  • Relationship/Connections Management
  • Group Polls
  • RSS Feeds

What are the guidelines for participating?

Participation guidelines will vary depending on which Forge.mil capability (SoftwareForge or ProjectForge) a user or project is utilizing. SoftwareForge is a collaborative development environment for the DoD that is modeled on popular Internet-based open source software development sites. This system will host development projects that provide opportunity for reuse and common code maintenance. The only license categories allowed for such projects are DoD community source, and certain Open Source licenses. All aspects of the project will be publicly viewable, but write permission to each project is controlled via roles that project administrators can assign.

Projects on SoftwareForge will be required to maintain 'public' view access, and will be encouraged to allow contributions from all interested parties. The goal of the site is to encourage collaboration around development and maintenance activities of these projects. This should naturally lead to more individuals becoming 'authorized committers' after they have shown they have valuable contributions to make.

For a more detailed description of the 'authorized committer' model, please see the information available on the Producing Open Source Software site.

How can I get access to Forge.mil (CAC users)?

Forge.mil is available to U.S. military, DoD government civilians and DoD contractors for Government authorized use. Access to Forge.mil requires a valid DoD Common Access Card (CAC) OR a PKI certificate issued by a DoD approved External Certificate Authority (ECA) with a DoD government sponsor.

If you have a CAC, access is relatively simple.

  • Download and install the Root CA certificates using the installRoot Windows installer.
  • Alternatively, you can manually download and install the Root CA certificates from the DoD Class 3 PKI Download Root CA Certificate site.
  • To create an account, go to Forge.mil Community site (requires a valid DoD CAC or ECA Certificate). On the left hand side under "New Users", click on 'Create an Account'. Your account is active once your email address is confirmed.

Once you create an account, you can access the following capabilities:

Forge.mil Community – Connect with other Forge.mil users. Browse, join and collaborate in groups to share information, exchange ideas and develop solutions.

SoftwareForge – Browse, join and collaborate on DoD community source and internal open source software projects for free.

ProjectForge – Browse for ‘DoD public’ content made accessible within private projects. Browse and download software, report bugs, or contribute change requests or request your own private project space (fee for service).

Having trouble accessing Forge.mil capabilities? See FAQ 'I am unable to access SoftwareForge, ProjectForge & the Forge.mil Community, what troubleshooting steps can I take?' for troubleshooting instructions.

How can I get access to Forge.mil (ECA Certificate users)?

Forge.mil is available to U.S. military, DoD government civilians and DoD contractors for Government authorized use. Access to Forge.mil requires a valid DoD Common Access Card (CAC) or a PKI certificate issued by a DoD approved External Certificate Authority (ECA). If you have an ECA certificate (or need to acquire an ECA certificate), follow the instructions below on how to obtain and install an ECA Certificate.

You must have a DoD government sponsor who is registered in Forge in order to create an account on the Forge.mil Community, SoftwareForge and ProjectForge. Once your account request is received, your DoD government sponsor will receive an email requesting verification of your need for access. Once that verification is received, the support team will approve your account request. ECA Certificates are obtained directly from the approved vendors. You may purchase an ECA Certificate from:

  • Operational Research Consultants, Inc. (ORC)
    http://www.eca.orc.com/
    Email: ecahelp@orc.com
    Phone: 800.816.5548
  • Verisign, Inc.
    https://eca.verisign.com/
    Email: eca-support@verisign.com
    Phone: 650.426.3224
  • IdenTrust, Inc. (formerly DST)
    http://www.identrust.com/certificates/eca/index.html
    Email: helpdesk@identrust.com
    Phone: 888.882.1104

To gain access using an ECA Certificate, use the following steps:

  • Obtain an ECA certificate from one of the sites above.
  • Once you have obtained an ECA certificate, install it using these instructions.
  • Download and install the Root CA certificates using the installRoot Windows installer.
  • Alternatively, you can manually download and install the Root CA certificates from the DoD Class 3 PKI Download Root CA Certificate site.
  • Go to the Forge.mil Community site, select your ECA certificate, and register for an account ('Create an Account' link under 'New Users' on the left side). Once your email address is confirmed and your need for access is verified by your DoD government sponsor, your Forge account will become active.

Once you create an account, you can access the following capabilities:

Forge.mil Community - Connect with other Forge.mil users. Browse, join and collaborate in groups to share information, exchange ideas and develop solutions.

SoftwareForge - Browse, join and collaborate on DoD community source and internal open source software projects for free.

ProjectForge - Browse for ‘DoD public’ content made accessible within private projects. Browse and download software, report bugs, or contribute change requests or request your own private project space (fee for service).

For more information on the DoD PKI and ECA program please go to DISA's Information Assurance Support Environment (IASE).

Having trouble accessing Forge.mil capabilities? See FAQ 'I am unable to access SoftwareForge, ProjectForge & the Forge.mil Community, what troubleshooting steps can I take?' for troubleshooting instructions.

Is there a Forge.mil site on SIPRNET?

Yes, the url for the Forge SIPR site is https://software.forge.smil.mil (this is a SIPRNET url that cannot be accessed via the NIPRNET)

Access

To access the Forge SIPR site, users must have a valid SIPR PKI software certificate or hardware token. As with SoftwareForge on the NIPRNET, any user holding a valid PKI certificate (in this case a valid SIPR PKI certificate/token) can view any project on the Forge SIPR site. These users constitute the 'authorized user' base. Access for all projects is locked 'open' to any authorized user.

ProjectForge on SIPR – Obtaining a Private Project

While the Forge SIPR site today is branded as SoftwareForge, users that need a private project on Forge SIPR (users looking for ProjectForge on SIPR) can contact the Forge Business Office at businessoffice@forge.mil to request a private project. As with the NIPRNET site, open is free, privacy is fee-for-service. Organizations requiring private projects on Forge SIPR will need to work with the Forge Business Office to determine the cost and to develop a support agreement.

How to obtain SIPR PKI Certificates/Tokens

Each Service/Agency has a separate Registration Authority Operations Office that will issue SIPR PKI certificates/tokens to their users. The process for requesting, delivering and issuing certificates/tokens is different across Services/Agencies. We highly recommend you contact your servicing Registration Authority or PKI Help Desk for information on how to obtain a SIPR PKI certificate/token.

To contact the Registration Authority or PKI Help Desk for your Service/Agency, see the Information Assurance Support Environment (IASE) Contact page at http://iase.disa.mil/pki-pke/contact.html.

How do I order a RACE Node?

To order Rapid Access Computing Environment (RACE) Development, Test, and Production virtual environments, visit the DISA RACE website at http://www.disa.mil/race/

Where do I go to download DoD/ECA Root and Intermediate Certificates?

Where do I go to download the DoD Firefox & Thunderbird Add-ons?

You can download the DoD Firefox & Thunderbird Add-ons from the Tools & Resources page.

Why do I get a warning that there is a problem with this website's security certificate?

A certificate is a digital document providing the identity of a website or individual. The trustworthiness of any PKI certificate is only as good as the dependability and trustworthiness of the authority who issued the certificate. When you receive this error, your browser is warning you that the certificate, for the site you're attempting to access, has not been issued by an authority trusted by your browser. Web browsers come preloaded with a set of certificate authorities that the developer of the browser believes to be trustworthy. Unfortunately, the DoD PKI Certificate Authority (CA) is often not on this list.

The certificates that identify Forge.mil have been issued by the DoD CA. In order for your browser to recognize the DoD CA as a trustworthy certificate provider, you must have the DoD PKI Root Certificate installed in your browser. Once this root certificate is installed, your browser will recognize the DoD CA as a trusted authority and accept the Forge.mil PKI certificates without warnings.

Visit the following page to download the DoD/ECA Root Certificates: http://iase.disa.mil/pki-pke/function_pages/tools.html.

I was recently issued a new CAC or ECA certificate and can no longer access my information, what do I do?

Please follow the steps below to map a *new* CAC/ECA based certificate to an existing Forge.mil user account.

  • Ensure that your new CAC/ECA based certificate has been loaded into your browser's trust store. Step-by-step instructions for installing ECA certificates are located here. Additional instructions are located here (requires an AKO/DKO account).
  • Ensure that the DoD intermediate and root certificates that were used to sign your personal certificate are loaded into your browser's trust store. Review 'Where do I go to download DoD/ECA Root and Intermediate Certificates?' for instructions.
  • For smart-card based certificates, insert your card into the card reader.
  • Go to SoftwareForge (requires a valid requires a valid DoD CAC or ECA Certificate).
  • Click on the "Log In" button on the left hand side of the screen. You will be presented with a Forge.mil Account Registration Form.
  • "Click here if you already have an account". The System will update the Forge.mil Account Registration Form.
  • Provide your Forge.mil user name (*required).
  • Submit request.

The request may be approved in 24 hours or less. If you are adding a new ECA certificate to an existing account, verification from a DoD sponsor is required prior to request approval and account update. An administrator will contact you if more information is required.

Who do I contact to get more information?

You can obtain more information by emailing your request to: webmaster@forge.mil

I am unable to access SoftwareForge, ProjectForge & the Forge.mil Community, what troubleshooting steps can I take?

If you are having trouble registering for a Forge.mil account, follow these steps BEFORE sending a support request.

Step 1: Do you have a valid CAC or ECA issued by an approved vendor? See the FAQ - 'How can I get access to Forge.mil (ECA certificate users)' for a list of approved vendors.

Step 2: If using a CAC, do you have ActivClient 6.2 or higher installed?

Step 3: If using an ECA, see the FAQ 'How can I get access to Forge.mil (ECA certificate users)' for instructions on how to obtain and install your ECA certificate and register for a Forge.mil account.

Step 4: Download and install Root and Intermediate CA certificates.

Step 5: Verify you can get to other PKI sites.

Additional Troubleshooting Procedures

DoD Root CA 2 DoD Interoperability Root CA 1 Issue.

Occasionally, one of the Intermediate Certificates if installed can cause an SSL error. If you are still having an issue connecting to SoftwareForge, ProjectForge and Community OR if you previously had access to these sites and are now receiving an SSL error, follow the instructions below.

Read the DoD Root CA 2 DoD Interoperability Root CA 1 Issue Instructions.

Firefox Plug-in Bypass.

Users who have installed the DoD add-on for Firefox sometimes still experience an issue with connecting to Forge properties with Firefox. You can bypass the add-on and add your CAC reader by following the instructions below.

Read Firefox Plug-in Bypass with ActivClient Agent.

Column Three