
A hardened, Git-based factory that automates SLSA Level 4 builds, AI model scanning, and Compliance-as-Code while applying JSIG and CNSSI 1253 overlays—delivering cryptographically signed artifacts to air-gapped IL5/IL6 networks.
Security Status: All systems operational
SLSA Level: 4 (verified)
NIST Controls: M-L-L (baseline)
HITL Gates: 3 (pending)
A proactive, baked-in security model that treats every commit, build, and deployment as a zero-trust transaction
Ephemeral, hermetic build runners with no internet access. Scripted, parameterless pipelines emit unforgeable cryptographic provenance for every artifact.
SAST, SCA, SBOM generation, DAST, and deep container scanning run as blocking jobs—halting the build the moment a critical risk is detected.
ModelScan and ModelAudit statically inspect 40+ ML formats for serialization attacks, blocking insecure pickle files and enforcing safetensors.
Context-aware JSIG and CNSSI 1253 overlays map directly to the NIST 800-53 M-L-L baseline, tailoring controls to each target classification.
OSCAL replaces static SCTM spreadsheets with machine-readable artifacts, auto-generating assessment results to enable Continuous ATO.
Skopeo and Zarf package signed artifacts into OCI layouts for deterministic, declarative deployment into disconnected IL5/IL6 networks.
Four non-negotiable mechanisms make the build deterministic, hermetic, and tamper-proof—so trusting the pipeline means trusting every artifact it produces.
Single-use containers are provisioned per build and destroyed immediately afterward.
Prevents cross-contamination between builds and eliminates persistent malware footholds.
Network namespaces block outbound internet; dependencies come only from internal registries like Iron Bank.
Stops dependency confusion attacks and injection of unauthorized third-party libraries.
Build definitions live as version-controlled code; the pipeline rejects arbitrary runtime parameters.
Guarantees a deterministic build that cannot be hijacked via malicious user input.
The pipeline emits unforgeable metadata describing exact inputs, environment, and toolchain.
Lets deployment controllers verify an artifact was built in an authorized environment.
A sequence of isolated security gates—SAST, SCA, hermetic build, DAST, and container scanning—evaluates every commit before an artifact ships
6 components scanned in current SBOM
| Package (purl) | Version | Status | Vulnerabilities | License | Actions |
|---|---|---|---|---|---|
| lodash (pkg:npm/lodash@4.17.15) | 4.17.15 | Scanning | Scanning | — | |
| express (pkg:npm/express@4.17.1) | 4.17.1 | Scanning | Scanning | — | |
| axios (pkg:npm/axios@0.21.1) | 0.21.1 | Scanning | Scanning | — | |
| django (pkg:pypi/django@3.2) | 3.2 | Scanning | Scanning | — | |
| log4j-core (pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1) | 2.14.1 | Scanning | Scanning | — | |
| react (pkg:npm/react@18.2.0) | 18.2.0 | Scanning | Scanning | — | |
Every container image and OSS dependency is approved through a hardened, automated workflow—proving security, provenance, and compliance before it ever reaches a deployment target.
Source code and OSS dependencies are committed to Git, triggering the factory pipeline.
CI/CD builds OCI images in ephemeral, isolated containers with no internet access.
SBOMs are generated for all OSS; Anchore scans container layers for CVEs and secrets.
ModelScan and ModelAudit inspect any ML models embedded inside the container.
OSCAL artifacts are generated and linked directly to the container build.
A webhook suspends the pipeline for explicit human authorization of critical deployments.
Approved images are cryptographically signed and stored in Iron Bank / internal registries.
Skopeo and Zarf package signed bundles for deterministic deployment to isolated networks.
A layered toolchain inspects every dependency, image, and model—blocking promotion of any container with critical findings before it reaches a deployment target.
Generates an SBOM for every OSS dependency and maps each component against CVE databases.
Scans container image layers for vulnerabilities, embedded secrets, and misconfigurations.
Statically analyzes ML models embedded within containers for serialization attacks.
Verifies OSS provenance and integrity, allowing only Iron Bank-vetted components into builds.
Traditional SAST tools cannot parse serialized neural network weights. Dedicated scanners inspect 40+ ML formats statically—without ever loading or executing them.
Arbitrary Code Execution
Python pickle allows custom __reduce__ methods to run OS commands during load.
Credential & Data Theft
Malicious payloads read environment variables and open outbound connections.
Model Poisoning
Tampered tensor data embeds backdoors or silently degrades model accuracy.
Resource Exhaustion
Deserialization loops consume infinite memory or CPU to deny service.
Executable serialization. Blocked by pipeline policy—ingestion of pickle files is rejected before deployment. Status: Blocked
Flat metadata plus raw byte buffers. Structurally eliminates code execution—the mandated DoD format. Status: Enforced
Embedded as blocking CI jobs. Standardized exit codes halt the build on detection; SARIF/JSON output feeds the unified vulnerability dashboard.
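The static inspection described above can be illustrated with Python's standard `pickletools`, which walks a pickle's opcode stream without ever unpickling it. This is an added example, not ModelScan's, ModelAudit's or this product's code; the `ALLOWED` allowlist and both sample pickles are constructed for the illustration.

```python
import io
import os
import pickle
import pickletools

# Hypothetical allowlist: the only globals a model pickle may import.
ALLOWED = {("collections", "OrderedDict")}
MEMO_PUT = ("MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT")
MEMO_GET = ("GET", "BINGET", "LONG_BINGET")
CALL_OPS = ("REDUCE", "OBJ", "INST", "NEWOBJ", "NEWOBJ_EX")

def scan_pickle(data: bytes) -> dict:
    """Walk the opcode stream without unpickling; report imports and calls."""
    imports, calls, memo, recent, top = [], 0, {}, [], None
    for op, arg, _pos in pickletools.genops(io.BytesIO(data)):
        name = op.name
        if name in MEMO_PUT:  # memo writes leave the stack top unchanged
            memo[len(memo) if name == "MEMOIZE" else arg] = top
            continue
        if name in ("GLOBAL", "INST"):  # protocols 0-3: "module attr" inline
            imports.append(tuple(arg.split(" ", 1)))
        elif name == "STACK_GLOBAL":  # protocol 4+: the two preceding pushes
            imports.append(tuple(recent[-2:]) if len(recent) >= 2 else (None, None))
        if name in CALL_OPS:
            calls += 1
        if name in MEMO_GET:
            top = memo.get(arg)
        elif isinstance(arg, str) and name not in ("GLOBAL", "INST"):
            top = arg  # string push such as SHORT_BINUNICODE
        else:
            top = None  # unresolved values fail the allowlist check below
        recent.append(top)
    blocked = [imp for imp in imports if imp not in ALLOWED]
    return {"imports": imports, "calls": calls,
            "verdict": "block" if blocked else "pass"}

class _Constructed:
    """Constructed sample: __reduce__ names os.getenv; it is never unpickled."""
    def __reduce__(self):
        return (os.getenv, ("HOME",))

SUSPECT = pickle.dumps(_Constructed(), protocol=4)  # constructed input
PLAIN = pickle.dumps({"layers": 2, "bias": [0.1, 0.2]}, protocol=4)

if __name__ == "__main__":
    for label, blob in (("suspect", SUSPECT), ("plain", PLAIN)):
        print(label, scan_pickle(blob))
```

Any import outside the allowlist, including one the scanner cannot resolve, yields a `block` verdict, which a CI job would map to a non-zero exit code.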
The pipeline dynamically applies JSIG and CNSSI 1253 overlays onto the NIST 800-53 M-L-L baseline, tailoring controls to each target classification
Moderate-Low-Low control baseline
Independent C-I-A ratings for National Security Systems
SAP overlay for isolated, classified environments
Secure manual approval gates for CI/CD pipelines with signed attestations for air-gapped sync
Package: targeting-model@2.1.0
Package: intel-db@3.0.12
Package: openssl@3.0.12
Compliant artifacts cross the air gap to IL5 and IL6 networks—tactical edge devices, weapons systems, and afloat assets—through deterministic, declarative synchronization.
Approved containers, AI artifacts, and compliance definitions are written to an OCI image layout, preserving layer dedupe and SLSA 4 signatures.
Skopeo syncs the mirror onto physical media using the dir transport, capturing all layers and metadata without internet resolution.
On the high side, Zarf deploys the signed tarball and verifies provenance is intact—proving no tampering crossed the air gap.
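A sketch of the digest chain a high-side check can walk after the transfer, as an added example that is not Skopeo's, Zarf's or this product's code. It assumes a `dir`-transport copy holds `manifest.json` plus one file per blob named by its SHA-256 hex digest, and that the manifest digest was obtained from a signature verified separately; the image contents are constructed.

```python
import hashlib
import json
import re
import tempfile
from pathlib import Path

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_dir_layout(root: Path, signed_digest: str) -> list:
    """Return problems found; an empty list means the digest chain is intact."""
    raw = (root / "manifest.json").read_bytes()
    if "sha256:" + sha256_hex(raw) != signed_digest:
        return ["manifest.json does not match the signed digest"]
    problems = []
    manifest = json.loads(raw)
    for desc in [manifest["config"], *manifest["layers"]]:
        # Strict digest syntax also keeps the value from acting as a path.
        match = re.fullmatch(r"sha256:([0-9a-f]{64})", desc["digest"])
        blob = root / match.group(1) if match else None
        if blob is None or not blob.is_file():
            problems.append("missing blob: " + desc["digest"])
        elif sha256_hex(blob.read_bytes()) != match.group(1):
            problems.append("digest mismatch: " + desc["digest"])
    return problems

def build_constructed_layout(root: Path) -> str:
    """Write a tiny constructed image (assumed layout); return its manifest digest."""
    def put(data: bytes) -> dict:
        (root / sha256_hex(data)).write_bytes(data)
        return {"digest": "sha256:" + sha256_hex(data), "size": len(data)}
    manifest = {"schemaVersion": 2,
                "config": put(b'{"architecture":"amd64"}'),
                "layers": [put(b"constructed layer 1"), put(b"constructed layer 2")]}
    raw = json.dumps(manifest).encode()
    (root / "manifest.json").write_bytes(raw)
    return "sha256:" + sha256_hex(raw)

def demo() -> tuple:
    """Verify a clean copy, then alter one layer on the media and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        signed = build_constructed_layout(root)
        clean = verify_dir_layout(root, signed)
        (root / sha256_hex(b"constructed layer 2")).write_bytes(b"constructed layer X")
        return clean, verify_dir_layout(root, signed)

if __name__ == "__main__":
    print(demo())
```

The check is only as strong as the signed manifest digest it starts from: every layer hash is trusted because the manifest naming it was verified first.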
Securing software supply chains for warfighters and defense missions worldwide.

Deploy the Phantom Works software factory to validate your pipeline, not just a point-in-time system—compressing ATO timelines from years to weeks while delivering to the air-gapped tactical edge.
Built on hardened Kubernetes, Big Bang, and Iron Bank. SLSA Level 4 by design.