IBM yakazivisa kuwanikwa kweCode Risk Analyzer mune yako IBM Cloud Inoenderera Yekutumira sevhisi, basa re ipa vagadziri DevSecOps chengetedzo uye kutevedzera kuongororwa.
Code Risk Analyzer inogona kugadzirirwa kumhanya pakutangisa kubva kune yekuvandudza kodhi pombi uye kuongorora uye inoisa iyo Git zvinyorwa kutsvaga dambudziko inozivikanwa kune chero yakavhurwa sosi kodhi inoda kutarisirwa.
Inobatsira kupa maturakiti, otomatiki anovaka uye bvunzo, uye inobvumira vashandisi kudzora mhando ye software ne analytics, zvinoenderana nekambani.
Chinangwa chekodhi yekuongorora ndeyekutendera zvikwata zvekushandisa Ziva kutyisidzira kwekuchengetedza, isa pamberi pekuchengetedza nyaya dzinogona kukanganisa mashandisiro, uye kugadzirisa nyaya dzekuchengetedza.
Steven Weaver weBM akati mune posvo:
"Kuderedza njodzi yekuisa zvinokanganisa mune kodhi yako kwakakosha pakubudirira kubudirira. Sezvo chizvarwa chakavhurwa sosi, mudziyo, uye makore matekinoroji anova akajairika uye akakosha, kufambisa kutarisa uye kuyedza pakutanga mune yekuvandudza kutenderera kunogona kuchengetedza nguva nemari.
"Nhasi, IBM inofara kuzivisa Code Risk Analyzer, chiitiko chitsva cheIBM Cloud Inoenderera Dhirivhari. Yakagadziridzwa pamwe chete neIBM Yekutsvagisa mapurojekiti uye mhinduro yevatengi, Code Risk Analyzer inogonesa vanogadzira vakaita sewe kuti vakurumidze kuongorora nekugadzirisa njodzi dzese dzemutemo nekuchengeteka dzinogona kunge dzakapinza kodhi yekodhi yako uye nekupa mhinduro yakananga mukodhi yako. Git zvigadzirwa (semuenzaniso, kudhonza / kusanganisa zvikumbiro). Code Risk Analyzer inopihwa seti yeMabasa eTekton, ayo anogona kuve nyore kuiswa mumatanho ako ekuendesa. "
Code Risk Analyzer inopa zvinotevera mashandiro ku tarisa sosi sosi reposheni yakavakirwa pane IBM Cloud Inoenderera Dhirivhari Git uye Kuburitswa Kwenyaya (GitHub) ichitsvaga kunzwika kunozivikanwa.
Unyanzvi hunosanganisira kutsvaga kusagadzikana mune chako chishandiso (Python, Node.js, Java) uye iyo yekushandisa system stack (base mufananidzo) zvichibva paSnyk akapfuma ekutyisidzira ungwaru. uye Yakajeka, uye inopa ekugadzirisa kurudziro.
IBM yakabatana neSnyk kubatanidza kufukidza kwayo Yakakwana chengetedzo software kuti ikubatsire otomatiki kuwana, kuisa pamberi, uye kugadzirisa kusagadzikana mune yakavhurika sosi midziyo uye kutsamira pakutanga kwako kufambiswa kwebasa.
Snyk Intel Vulnerability Databhesi inogara ichiratidzwa neboka reSnyk rekutsvagisa ruzivo kuitira kuti zvikwata zvinyatsoita zvine chekuita nekuvhurika kwenzvimbo dzekuchengetedza, uku zvichiramba zvakanangana nekusimudzira.
Clair chirongwa chakavhurika sosi yekuongorora kwetsika yekushushikana mumidziyo yekushandisa. Nekuti iwe unoongorora mifananidzo uchishandisa static ongororo, unogona kuongorora mifananidzo pasina kumhanyisa mudziyo wako.
Code Risk Analyzer inogona kuona zvikanganiso zvekugadzirisa mune ako Kubernetes anotumira mafaera anoenderana nemaindasitiri zviyero uye nharaunda zvakanakisa maitiro.
Code Risk Analyzer inogadzira zita remazita (BoM) Mumiriri anomiririra kutsamira kwese uye nekwavanobva kune zvinoshandiswa. Zvakare, iyo BoM-Diff basa rinokutendera iwe kuti uenzanise misiyano mune chero kutsamira nematavi epasi mukodhi yekodhi.
Nepo mhinduro dzekare dzakanangana nekumhanya pakutanga kwepombi yemugadziri kodhi, varatidza kuti havashande nekuti mifananidzo yemidziyo yakadzikiswa kusvika paine mubhadharo wepasi pasi unodiwa kumhanyisa chikumbiro uye mifananidzo haina mamiriro ekuvandudza echikumbiro. .
Zvekushandisa zvigadzirwa, Code Risk Analyzer inovavarira kupa kusagadzikana, marezinesi, uye CIS macheki pane kuisirwa masisitimu, kugadzira maBOM, uye kuita cheki chengetedzo.
Terraform mafaera (* .tf) anoshandiswa kupa kana kugadzirisa gore masevhisi senge Cloud Object Chitoro neLogDNA inoongororwawo kuti vaone zvikanganiso zvekuchengetedzwa.
mabviro: https://www.ibm.com