Code Risk Analyzer: a DevSecOps analysis and compliance service

IBM has announced the availability of Code Risk Analyzer in its IBM Cloud Continuous Delivery service, a feature that provides developers with DevSecOps analysis and compliance.

Code Risk Analyzer can be configured to run at the start of a developer's code pipeline. It examines and analyzes Git repositories, looking for known problems in any open source code that needs to be managed.

It helps provide toolchains, automates builds and tests, and lets users control software quality with analytics, according to the company.

The goal of the code analyzer is to enable application teams to identify cybersecurity threats, prioritize the security issues that can affect applications, and resolve security problems.

IBM's Steven Weaver said in a post:

“Reducing the risk of embedding vulnerabilities in your code is critical to successful development. As native open source, container, and cloud technologies become more common and more important, moving monitoring and testing earlier in the development cycle can save time and money.

“Today, IBM is pleased to announce Code Risk Analyzer, a new feature of IBM Cloud Continuous Delivery. Developed in conjunction with IBM Research projects and customer feedback, Code Risk Analyzer enables developers like you to quickly assess and remediate any legal and security risks that may have infiltrated your source code, and provides feedback directly in your Git artifacts (for example, pull/merge requests). Code Risk Analyzer is provided as a set of Tekton tasks that can be easily incorporated into your delivery pipelines.”

Code Risk Analyzer provides the following capabilities for scanning source repositories based on IBM Cloud Continuous Delivery Git and Issue Tracking (GitHub) for known vulnerabilities.

The capabilities include discovering vulnerabilities in your application dependencies (Python, Node.js, Java) and in the operating system stack (base image), based on threat intelligence from Snyk and Clair, and providing remediation recommendations.

IBM has partnered with Snyk to integrate its comprehensive security software, to help you automatically find, prioritize, and fix vulnerabilities in open source containers and dependencies early in your workflow.

The Snyk Intel Vulnerability Database is continuously curated by Snyk's experienced security researchers, so that teams can be as effective as possible at containing open source security issues while staying focused on development.

Clair is an open source project for static analysis of vulnerabilities in application containers. Because images are scanned using static analysis, you can analyze them without having to run your container.

Code Risk Analyzer can detect configuration errors in your Kubernetes deployment files, based on industry standards and community best practices.

Code Risk Analyzer generates a bill of materials (BoM) that represents all the dependencies and their sources for applications. In addition, the BoM-Diff feature lets you compare the differences in any dependencies against the base branches in the source code.

Although previous solutions focused on running at the start of a developer's code pipeline, they have proven ineffective because container images have been reduced to the point where they contain the minimum payload required to run an application, and the images carry the application's development context.

For application artifacts, Code Risk Analyzer aims to provide vulnerability, license, and CIS checks on deployment configurations, generate BOMs, and perform security checks.

Terraform files (*.tf) used to provision or configure cloud services such as Cloud Object Store and LogDNA are also analyzed to identify security configuration errors.

Source: https://www.ibm.com

