Description
Enterprise-grade Gitea container with FIPS 140-2 compliance, providing a secure, self-hosted Git service with integrated CI/CD capabilities. Features enhanced security controls, STIG hardening, and comprehensive audit logging for regulated environments.

Key Features
Core capabilities and strengths of this container

- FIPS 140-2 validated cryptographic modules
- STIG-compliant security configurations
- Built-in audit logging and monitoring
- Enterprise authentication integration

Common Use Cases
Typical scenarios where this container excels

- Secure source code management in regulated environments
- Enterprise DevSecOps implementations
- Government and military software development
- Financial services code repositories

Pull Latest Image
Download the container image from the registry
```bash
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/gitea-fips:latest
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/gitea-fips:1.20
```

Basic Run
Run the container with basic configuration
```bash
docker run -d --name gitea-fips \
  -p 3000:3000 \
  -v gitea-data:/data \
  clnstrt-images.cleanstart.com/$ORGANIZATION/gitea-fips:latest
```

Production Deployment
Deploy with production security settings
```bash
docker run -d --name gitea-fips-prod \
  --read-only \
  --security-opt=no-new-privileges \
  --user 1000:1000 \
  -v gitea-data:/data \
  -v gitea-config:/etc/gitea \
  -p 3000:3000 \
  -p 22:22 \
  clnstrt-images.cleanstart.com/$ORGANIZATION/gitea-fips:latest
```

Volume Mount
Mount local directory for persistent data
```bash
# Quote the bind-mount sources so a working directory containing spaces still works
docker run -d \
  -v "$(pwd)/gitea-data:/data" \
  -v "$(pwd)/gitea-config:/etc/gitea" \
  clnstrt-images.cleanstart.com/$ORGANIZATION/gitea-fips:latest
```

Port Forwarding
Run with custom port mappings
```bash
docker run -d \
  -p 8080:3000 \
  -p 2222:22 \
  clnstrt-images.cleanstart.com/$ORGANIZATION/gitea-fips:latest
```

Environment Variables
Configuration options available through environment variables
GITEA_CUSTOM      Custom configuration directory    /data/gitea
GITEA_WORK_DIR    Working directory                 /data
GITEA_APP_NAME    Application name                  Gitea
GITEA_RUN_MODE    Run mode (prod/dev)               prod

Security Best Practices
Recommended security configurations and practices
- Enable FIPS mode in configuration
- Configure SSL/TLS for all connections
- Implement regular security audits
- Use external authentication (LDAP/SAML)
- Enable audit logging
- Regular backup of Git repositories
- Monitor system resources
- Apply security patches promptly

Kubernetes Security Context
Recommended security context for Kubernetes deployments
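```yaml
# Pod level (spec.securityContext): fsGroup is only accepted here
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  fsGroup: 1000
  seccompProfile:
    type: RuntimeDefault
```

```yaml
# Container level (spec.containers[].securityContext): these fields are only accepted here
securityContext:
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
```

Documentation Resources
Essential links and resources for further information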
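
To confirm that a deployed pod actually carries the Kubernetes security context recommended above, the check below audits `kubectl get pod -o json` output. It is an added example, not code from the image or from Gitea; the sample pod and the container names `gitea` and `log-shipper` are constructed. It accounts for `fsGroup` being a pod-level field and `readOnlyRootFilesystem`, `allowPrivilegeEscalation` and `capabilities` being container-level fields that are never inherited.

```python
import json

# Constructed sample: trimmed `kubectl get pod -o json` output for a hypothetical
# pod; the names "gitea" and "log-shipper" are made up for this example.
SAMPLE_POD = json.loads("""
{"spec": {
  "securityContext": {"runAsNonRoot": true, "runAsUser": 1000, "runAsGroup": 1000,
                      "fsGroup": 1000, "seccompProfile": {"type": "RuntimeDefault"}},
  "containers": [
    {"name": "gitea", "securityContext": {
        "readOnlyRootFilesystem": true, "allowPrivilegeEscalation": false,
        "capabilities": {"drop": ["ALL"]}}},
    {"name": "log-shipper", "securityContext": {"runAsUser": 0}}
  ]}}
""")

# Fields accepted at pod and container level; a container value overrides the pod's.
INHERITED = {"runAsNonRoot": True, "runAsUser": 1000, "runAsGroup": 1000}

def audit_pod(pod):
    """Return findings; an empty list means every container matches the page's context."""
    spec = pod["spec"]
    pod_sc = spec.get("securityContext") or {}
    findings = []
    if pod_sc.get("fsGroup") != 1000:  # fsGroup exists only at pod level
        findings.append("pod: fsGroup is not 1000")
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc, name = c.get("securityContext") or {}, c["name"]
        for field, want in INHERITED.items():
            if sc.get(field, pod_sc.get(field)) != want:
                findings.append(f"{name}: {field} is not {want}")
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") != "RuntimeDefault":
            findings.append(f"{name}: seccompProfile is not RuntimeDefault")
        # Container-only fields: nothing is inherited, so unset counts as a finding.
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{name}: readOnlyRootFilesystem is not true")
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}: allowPrivilegeEscalation is not false")
        drops = [d.upper() for d in (sc.get("capabilities") or {}).get("drop") or []]
        if "ALL" not in drops:
            findings.append(f"{name}: capabilities.drop lacks ALL")
    return findings

if __name__ == "__main__":
    for line in audit_pod(SAMPLE_POD):
        print(line)
```

On the constructed sample the `gitea` container passes, while the sidecar is flagged because a hardened main container does not harden the containers next to it.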