GForge for Defense & Aerospace

On-premise ALM for ITAR-controlled and CMMC-aligned environments.
Air-gapped capable. Under your control.

Complete ALM That Meets Your Security Requirements

GForge provides everything defense contractors and aerospace companies need to build software securely: source code management (Git/SVN), issue & requirements tracking, documents/wiki, approvals/workflows, audit trails, and project dashboards—all on your infrastructure.

Serving defense and aerospace environments for over 14 years. References available under NDA.

  • On-Premise Deployment — Install behind your firewall, on your servers
  • Air-Gapped Capable — Fully functional without internet connectivity
  • Supports ITAR-Controlled Workflows — Your data remains within your infrastructure
  • U.S.-Based Support — American company, American support team

Procurement, NDA, and security review support available.

GForge’s on-premise option was critical for our classified programs. We needed complete control over where our data lives.

— Defense Contractor PM
Request a Deployment Walkthrough

Request Security Artifacts

Speak directly with a solutions engineer — not a sales rep.

What is ALM in Defense & Aerospace?

Application Lifecycle Management (ALM) in defense and aerospace refers to the integrated management of requirements, source code, testing, and documentation across the full development lifecycle — from initial requirements through delivery and long-term sustainment.

Unlike commercial software development, defense and aerospace programs require traceability at every step: a change to a requirement must trace through design, code, test cases, and verification artifacts. ALM platforms purpose-built for these environments provide audit trails, controlled workflows, and access restrictions that general-purpose tools like Jira or GitHub cannot match without significant custom integration — and without introducing cloud dependencies that may be incompatible with classified environments.

GForge provides this in a single on-premise platform: requirements tracking linked directly to commits, configurable approval workflows, role-based access control, and comprehensive audit logs — all deployable behind your firewall or on an air-gapped network.

GForge is a fit for:

  • Defense & aerospace organizations requiring on-prem or air-gapped ALM
  • Contractors managing multiple classified or compartmentalized programs
  • Teams needing full auditability and data sovereignty
  • Organizations with ITAR, CMMC, or similar compliance requirements

Probably not the best fit for:

  • Teams looking for a lightweight SaaS-only tool
  • Organizations without compliance or data residency concerns
  • Teams optimizing primarily for lowest-cost SaaS

Everything You Need to Build Better Software, Securely

Secure Source Control

Git and Subversion repositories with granular access controls, branch protection, and complete audit trails. Keep your source code under your control, on your servers.

Issue & Requirements Tracking

Configurable trackers for bugs, requirements, change requests, and RFCs. Custom workflows ensure your process is followed exactly as specified.

Document Management

Secure storage for technical documents, specifications, and controlled files. Version control and access restrictions ensure only authorized personnel see sensitive materials.

Agile & Traditional PM

Sprints, Kanban boards, milestones, and releases. Whether you follow Agile, waterfall, or a hybrid approach, GForge adapts to your methodology.

CI/CD Integration

Integrate with Jenkins, GitLab CI, or your existing build infrastructure. Our Jenkins plugin supports multiple Jenkins servers reporting to a single GForge instance—ideal for environments with separate build infrastructure per program or network. Build status and deployment tracking directly in your project dashboards.

Role-Based Access Control

Fine-grained permissions at every level. Control who can see, edit, or administer projects, trackers, documents, and code repositories.

Your Data, Your Infrastructure, Your Control

Choose the deployment model that fits your security requirements.

On-Premise

Common for ITAR Environments

Full installation on your infrastructure. Complete control over data, security, and network access. Deploy behind your firewall, integrate with existing LDAP/AD, and operate without internet connectivity. Ideal for air-gapped and classified environments.

Offline install & upgrades: Download once to removable media, then install or upgrade on air-gapped networks with no internet connection required.

Project portability: Export and import complete projects between GForge instances as programs are classified, declassified, or transferred between contractors.

Private Cloud

GForge deployed on your AWS GovCloud, Azure Government, or private cloud infrastructure. Your cloud, your compliance boundary. Deploy into FedRAMP-authorized environments with managed or self-managed options.

Commercial SaaS

Hosted and managed by GForge Group for teams without strict data residency requirements. Automatic updates, U.S.-based data centers, 99.9% uptime SLA, and daily backups included.

Built for Regulated Environments

GForge provides the foundation for ITAR, CMMC, and other compliance frameworks. Our on-premise deployment gives you complete control over where your data lives and who can access it.

Customers are responsible for their compliance program; GForge provides controls and deployment options that support it.

ITAR

ITAR compliance requires that controlled technical data is accessible only to U.S. persons and authorized foreign nationals. On-premise deployment means your data never traverses infrastructure outside your control. Air-gapped deployment eliminates the risk of accidental data exfiltration entirely — no outbound internet, no cloud dependencies, no license phone-home.

CMMC Level 2+

GForge directly supports key CMMC practice domains through role-based access control down to individual trackers and repositories, comprehensive audit logs of every user action, LDAP/AD and SAML/OIDC integration for identity and authentication, and on-premise deployment that keeps CUI within your infrastructure boundary.

DO-178C (Airborne Software)

DO-178C requires complete traceability from high-level requirements through source code, test cases, and test results. GForge supports this through requirement tracker items linked directly to commits, requirements-to-test-case traceability, and configurable change control board (CCB) workflows that enforce review and approval before changes are promoted. Teams can configure workflow transitions to reflect their specific DO-178C process.

MIL-STD-498

GForge’s tracker and workflow engine supports the traceability and change control requirements of MIL-STD-498 when configured accordingly. Requirements loaded into trackers can be linked directly to the commits that implement them. When a requirement changes, workflow transitions provide visibility and enforce process. Change control board approval can be implemented through workflow status transitions, creating a logged record of who approved what and when.

Quality Management Audits

GForge maintains comprehensive audit trails across all project activity — every ticket change, commit, workflow transition, and document update is logged with user, timestamp, and detail. This record-keeping supports the documentation and traceability requirements of quality management audits, giving your team exportable evidence of process compliance without manual record-keeping overhead.

Supports ITAR Workflows

On-prem deployment enables ITAR data handling requirements

CMMC-Aligned Controls

Supports access control requirements for CMMC Level 2+

Audit Ready

Complete activity logs for compliance audits

U.S. Company

American company, American support team

Security Artifacts Available on Request

We understand security reviews require documentation. The following materials are available to qualified prospects:

  • Architecture Overview
  • Data Flow Diagram
  • Logging & Audit Overview
  • RBAC Model Summary
  • Control Mapping Guidance
  • Deployment Requirements

Explore GForge in More Detail

For teams that prefer self-service evaluation, you can explore our complete documentation and ask questions about deployment models, permissions, workflows, and compliance considerations.

Ask AI About GForge →

Uses your AI tool of choice with our published documentation. No data shared with GForge.

Instances

0

Additional Procurement

1

License Agreement

One License. Unlimited Instances. Zero Procurement Delays.

When programs are so sensitive they require complete network isolation, the last thing you need is a procurement bottleneck. Our enterprise licensing model lets you deploy new GForge instances on-demand—no additional purchase orders, no waiting.

Common scenario: Program A requires an air-gapped enclave, Program B operates on SIPR/NIPR-separated infrastructure, and Program C includes subcontractors with different clearance levels. GForge lets you spin up separate instances for each—under one enterprise agreement.
  • Compartmentalized Programs — Spin up dedicated instances for classified or compartmentalized programs on isolated networks.
  • No Per-Instance Fees — Your enterprise license covers unlimited deployments. New project needs isolation? Deploy in hours, not months.
  • Simplified Compliance — Each instance is fully independent—separate databases, separate access controls, separate audit trails.
  • Contractor-Friendly — Perfect for organizations managing multiple contracts with different security requirements.

Purpose-Built for Defense & Aerospace Workflows

Embedded Systems Development

  • Track firmware versions and hardware dependencies
  • Manage requirements traceability
  • Coordinate hardware/software integration
  • Document testing and certification

Avionics Software

  • Supports DO-178C traceability workflows
  • Requirements to test case traceability
  • Configuration management
  • Change control board (CCB) workflows

Defense Contractor Programs

  • Multi-contractor collaboration (controlled)
  • Subcontractor access management
  • Deliverable tracking and milestones
  • Program-level reporting

Research & Development

  • Prototype tracking and versioning
  • Lab notebook integration
  • IP protection and access control
  • Grant and funding milestone tracking

GForge vs. Jira/Confluence in Classified Environments

Most defense teams evaluating ALM platforms are coming from — or considering — Jira + Confluence + Bitbucket. Here’s the practical difference in classified environments.

Jira + Confluence + Bitbucket GForge
Air-gapped deployment Not supported Native
Per-instance licensing Per instance Unlimited instances, one license
ITAR data residency Cloud-dependent Full on-prem
Integrated platform 3 separate tools Single platform
Offline install & upgrade Not available Via removable media
Support Tiered / offshore Direct U.S. team

Atlassian’s server license sunset in 2024 left many defense contractors without a supported on-premise option. GForge is a purpose-built replacement — not a workaround — providing the same integrated functionality with deployment options that classified environments actually support.

Ready to Secure Your Development Process?

Talk to our team about your security requirements and see how GForge can support your compliance needs.

Schedule a Deployment Walkthrough    Download for Evaluation

On-premise evaluation licenses available for qualified defense contractors.