New user? Join Now

Stay Informed

ECA Registration
PKI Information
Subversion Client Instructions
DoD Root & Intermediate Certs.
Firefox & Thunderbird Add-ons

Frequently Asked Questions

What is the Forge.mil Program?

Forge.mil is a DISA-led activity designed to improve the ability of the U.S. Department of Defense to rapidly deliver dependable software, services and systems in support of net-centric operations and warfare. Forge.mil will:

  • Enable cross-program sharing of software, system components, and services
  • Promote early and continuous collaboration among all stakeholders (e.g., developers, material providers, testers, operators, and users) throughout the development life-cycle
  • Rapidly deliver effective and efficient development and test capabilities for DoD technology development efforts
  • Help protect the operational environment from potentially harmful systems and services
  • Encourage modularity so that large programs to be developed, fielded, and operated as a set of independent components that can evolve and mature at their own rates
  • Eliminate duplicative testing and improve dependability by adopting common test and evaluation criteria supported by standard testing tools and methods

The Forge.mil family of services today consists of two offerings - SoftwareForge and ProjectForge. SoftwareForge is a free service available on both the NIPRNet and SIPRNet. ProjectForge is a fee for service capability currently available for unclassified use.

Read the Forge.mil Brochure: Transforming the Way DoD Innovates IT.

What is SoftwareForge?

SoftwareForge enables the collaborative development and distribution of open source software and DoD community source software. For open source and community source development projects within the DoD, SoftwareForge provides software development tools such as software version control, bug tracking, requirements management, and release packaging along with collaboration tools such as wikis, discussion forums, and document repositories to enable collaborative development amongst distributed developers. SoftwareForge is currently built on the open source Subversion version control system and CollabNet TeamForge application life cycle management tool.

What is ProjectForge?

ProjectForge provides the same application life cycle management tools to DoD projects and programs as SoftwareForge, but for programs and/or projects that are not doing DoD community source development and/or need to restrict access to specific project members. While SoftwareForge comes free to valid users, ProjectForge is a fee for service capability. There are two ProjectForge offerings:

ProjectForge 'On Demand' is hosted as a multi-tenant application meaning that the application infrastructure (servers and mass storage) are shared by multiple projects and users. Although the infrastructure is shared, visibility and access to the information contained in each project is protected and controlled strictly by the project owner.

To accommodate requests from the community for project space for smaller software development teams, ProjectForge 'On Demand' now has two additional offerings for teams of up to 10 or 25 users.

  • Cost for ProjectForge 'On Demand'
    • 100 users for $60K/year
    • 25 users for $25K/year
    • 10 users for $15K/year
  • Cost includes up to 10GB of storage, service desk support, basic project administrator on-boarding, platform maintenance and security

ProjectForge 'Private' provides the same capability as ProjectForge - On Demand, but with dedicated (single tenant), private resources, enhanced and more granular access control, and control over site branding (look and feel).

  • Cost for ProjectForge 'Private' is based on a number of variables to include:
    • Number of users,
    • Amount of mass storage, and
    • Additional training or support needed.
  • Cost of Support (infrastructure/hosting, service desk support, application administration, user on-boarding, COOP, platform maintenance and security)

The general rule for deciding between On Demand and Private is the number of users as well as control over the infrastructure. If 10, 25, or 100 users are enough, On Demand is your best bet.

Read the ProjectForge Information Data Sheet.

What is the difference between SoftwareForge and ProjectForge?

SoftwareForge and ProjectForge use the exact same tool suite (CollabNet TeamForge). The main difference lies in the mission of each site, and how the default project permissions are configured. SoftwareForge is functionally equivalent to http://sourceforge.net (the Open Source software sharing site), except that it is within the DoD firewall, and only accessible to authorized DoD users with a CAC card or ECA certificate. The default project permissions are locked to 'open' for view access - any authorized site user can view any project on the site. Write permission to each project is controlled via roles that project administrators can assign.

SoftwareForge is intended to promote cross-team and cross-service collaboration, and projects that can operate within these parameters are welcome to host projects free of charge on the site.

ProjectForge, by contrast, is designed for those teams who want to utilize the TeamForge tools with more restrictive view and write permissions. The default permissions on this site are set to private, and project admins have the ability to customize the access controls for their projects based on their needs. ProjectForge is a completely separate instance of the tool suite, and is a fee-for-service offering.

The decision on whether to host a project on SoftwareForge vs. ProjectForge comes down to whether you are willing/able to operate in a 'DoD-internal/public' environment where your project is viewable by authorized DoD CAC and ECA certificate holders (SoftwareForge), or you require 'closed' collaboration with tighter view/write access (ProjectForge).

What capabilities are available in the system?

DISA has adopted the CollabNet platform for distributed application life-cycle management (ALM) as a core technology powering Forge.mil. It delivers a suite of integrated tools for project and idea collaboration. These tools enable DoD developers and partners to adopt collaborative best practices, reuse code assets, and have transparency across the entire development process and include the following capabilities:

  • Source code and configuration management
  • Track defects, requirements, and feature requests
  • Task hierarchy and alert mechanism
  • Collect, archive, and release packages
  • Real-time reports on tasks and trackers
  • Discussion Forums
  • Project-based Wiki
  • Document Management

The system also allows for the easy association of artifact data within each of these individual tools. For example, you can associate a particular tracker artifact (defect) with a particular code checkin in the source control system (open source Subversion version control system). More examples and an overview of the toolset can be found in the CollabNet TeamForge Video Overview.

What are the guidelines for participating?

Participation guidelines will vary depending on which Forge.mil capability (SoftwareForge or ProjectForge) a user or project is utilizing. SoftwareForge is a collaborative development environment for the DoD that is modeled on popular Internet-based open source software development sites. This system will host development projects that provide opportunity for reuse and common code maintenance. The only license categories allowed for such projects are DoD community source, and certain Open Source licenses. All aspects of the project will be publicly viewable, but write permission to each project is controlled via roles that project administrators can assign.

Projects on SoftwareForge will be required to maintain 'public' view access, and will be encouraged to allow contributions from all interested parties. The goal of the site is to encourage collaboration around development and maintenance activities of these projects. This should naturally lead to more individuals becoming 'authorized committers' after they have shown they have valuable contributions to make.

For a more detailed description of the 'authorized committer' model, please see the information available on the Producing Open Source Software site.

How can I get access to Forge.mil (CAC users)?

Forge.mil is available to U.S. military, DoD government civilians and DoD contractors for Government authorized use. Access to Forge.mil requires a valid DoD Common Access Card (CAC) or a PKI certificate issued by a DoD approved External Certificate Authority (ECA).

If you have a CAC, access is relatively simple.

  • Download and install the Root CA certificates from the DoD Class 3 PKI Download Root CA Certificate site.
  • To create an account, go to SoftwareForge (requires a valid DoD CAC or ECA Certificate). On the left hand side under New Users, click on 'Create an Account'. Your account is active once your email address is confirmed.

How can I get access to Forge.mil (ECA Certificate users)?

Forge.mil is available to U.S. military, DoD government civilians and DoD contractors for Government authorized use. Access to Forge.mil requires a valid DoD Common Access Card (CAC) or a PKI certificate issued by a DoD approved External Certificate Authority (ECA). If you have an ECA certificate (or need to acquire an ECA certificate), follow the instructions below on how to obtain and install an ECA Certificate.

You must have a DoD government sponsor in order to create an account on SoftwareForge and ProjectForge. Once your account request is received, your DoD government sponsor will receive an email requesting verification of your need for access. Once that verification is received, the support team will approve your account request.

ECA Certificates are obtained directly from the approved vendors. You may purchase an ECA Certificate from:
  • Operational Research Consultants, Inc. (ORC)
    http://www.eca.orc.com/
    Email: ecahelp@orc.com
    Phone: 800.816.5548
  • Verisign, Inc.
    https://eca.verisign.com/
    Email: eca-support@verisign.com
    Phone: 650.426.3224
  • IdenTrust, Inc. (formerly DST)
    http://www.identrust.com/certificates/eca/index.html
    Email: helpdesk@identrust.com
    Phone: 888.882.1104

To gain access using an ECA Certificate, use the following steps:

  • Obtain an ECA certificate from one of the sites above.
  • Once you have obtained an ECA certificate, install it using these instructions.
  • Download and install the Root CA certificates from the DoD Class 3 PKI Download Root CA Certificate site.
  • Go to SoftwareForge, select your ECA certificate, and register for an account ('Create an Account' link under New Users on the left side). Once your email address is confirmed and your need for access is verified by your DoD government sponsor, your SoftwareForge account will become active.

For more information on the DoD PKI and ECA program please go to DISA's Information Assurance Support Environment (IASE).

How do I order a RACE Node?

To order Rapid Access Computing Environment (RACE) Development, Test, and Production virtual environments, visit the DISA RACE website at http://www.disa.mil/race/

Where do I go to download DoD/ECA Root and Intermediate Certificates?

Visit the following page to download the DoD/ECA Root and Intermediate Certificates: https://www.dodpke.com/InstallRoot.

Where do I go to download the DoD Firefox & Thunderbird Add-ons?

You can download the DoD Firefox & Thunderbird Add-ons from the Tools & Resources page.

Why do I get a warning that there is a problem with this website's security certificate?

A certificate is a digital document providing the identity of a website or individual. The trustworthiness of any PKI certificate is only as good as the dependability and trustworthiness of the authority who issued the certificate. When you receive this error, your browser is warning you that the certificate, for the site you're attempting to access, has not been issued by an authority trusted by your browser. Web browsers come preloaded with a set of certificate authorities that the developer of the browser believes to be trustworthy. Unfortunately, the DoD PKI Certificate Authority (CA) is often not on this list.

The certificates that identify Forge.mil have been issued by the DoD CA. In order for your browser to recognize the DoD CA as a trustworthy certificate provider, you must have the DoD PKI Root Certificate installed in your browser. Once this root certificate is installed, your browser will recognize the DoD CA as a trusted authority and accept the Forge.mil PKI certificates without warnings.

Visit the following page to download the DoD/ECA Root Certificates: https://www.dodpke.com/InstallRoot.

I was recently issued a new CAC or ECA certificate and can no longer access my information, what do I do?

Please follow the steps below to map a *new* CAC/ECA based certificate to an existing Forge.mil user account.

  • Ensure that your new CAC/ECA based certificate has been loaded into your browser's trust store. Step-by-step instructions for installing ECA certificates are located here. Additional instructions are located here (requires an AKO/DKO account).
  • Ensure that the DoD intermediate and root certificates that were used to sign your personal certificate are loaded into your browser's trust store. Visit the following page to download the DoD/ECA Root Certificates: https://www.dodpke.com/InstallRoot.
  • For smart-card based certificates, insert your card into the card reader.
  • Go to SoftwareForge (requires a valid requires a valid DoD CAC or ECA Certificate).
  • Click on the "Log In" button on the left hand side of the screen. You will be presented with a Forge.mil Account Registration Form.
  • "Click here if you already have an account". The System will update the Forge.mil Account Registration Form.
  • Provide your Forge.mil user name (*required).
  • Submit request.

The request may be approved in 24 hours or less. If you are adding a new ECA certificate to an existing account, verification from a DoD sponsor is required prior to request approval and account update. An administrator will contact you if more information is required.

Who do I contact to get more information?

You can obtain more information by emailing your request to: webmaster@forge.mil

Column Three