Code Risk Analyzer: a DevSecOps security and compliance analysis service

IBM has announced the availability of Code Risk Analyzer in its IBM Cloud Continuous Delivery service, a feature that gives developers DevSecOps security and compliance analysis.

Code Risk Analyzer can be configured to run at the start of a developer's code pipeline. It examines and analyzes Git repositories, looking for known issues in any open source code that needs to be managed.

It helps provide toolchains, automate builds and tests, and lets users control software quality with analytics, according to the company.

The goal of the code analyzer is to let application teams identify cybersecurity threats, prioritize the security issues that can affect applications, and resolve security problems.

IBM's Steven Weaver said in a post:

“Reducing the risk of embedding vulnerabilities in your code is critical to successful development. As native open source, container, and cloud technologies become more common and important, moving monitoring and testing earlier in the development cycle can save time and money.

“Today, IBM is pleased to announce Code Risk Analyzer, a new feature of IBM Cloud Continuous Delivery. Developed in conjunction with IBM Research projects and customer feedback, Code Risk Analyzer enables developers like you to quickly assess and remediate any legal and security risks that may have slipped into your source code, and provides feedback directly in your source code's Git artifacts (for example, pull/merge requests). Code Risk Analyzer is provided as a set of Tekton tasks, which can be easily incorporated into your delivery pipelines.”

Code Risk Analyzer provides the following functionality to scan source repositories based on IBM Cloud Continuous Delivery Git and Issue Tracking (GitHub), looking for known vulnerabilities.

Capabilities include discovering vulnerabilities in your application (Python, Node.js, Java) and in the application stack (base image) based on threat intelligence from Snyk and Clair, and providing remediation recommendations.

IBM has partnered with Snyk to integrate its comprehensive security software coverage, helping you automatically find, prioritize, and fix vulnerabilities in open source containers and dependencies early in your workflow.

The Snyk Intel Vulnerability Database is continuously curated by Snyk's experienced research team so that teams can deal effectively with open source security issues while staying focused on development.

Clair is an open source project for static analysis of vulnerabilities in application containers. Because images are scanned using static analysis, you can analyze them without running your container.

Code Risk Analyzer can detect configuration errors in your Kubernetes deployment files based on industry standards and community best practices.

Code Risk Analyzer generates a bill of materials (BoM) representing all dependencies and their sources for applications. In addition, the BoM-Diff function lets you compare the differences in any dependencies against the base branches in the source code.

While previous solutions focused on running at the start of a developer's code pipeline, they proved ineffective because container images have been reduced to the point where they contain the minimum payload needed to run an application, and the images do not carry the application's development context.

For application artifacts, Code Risk Analyzer aims to provide vulnerability, license, and CIS checks on deployment configurations, generate BoMs, and perform security checks.

Terraform files (*.tf) used to provision or configure cloud services such as Cloud Object Store and LogDNA are also analyzed to identify security misconfigurations.

Source: https://www.ibm.com

