Safety and compliance treatment method suitable for open source component

A component and security technology, applied to computer security devices, electrical digital data processing, instruments, etc.; it addresses compliance and compatibility risks, intellectual property risks, etc., in order to improve development efficiency, reduce development costs and ensure security.

Pending Publication Date: 2021-05-14
苏州棱镜七彩信息科技有限公司

AI Technical Summary

Problems solved by technology

Due to the complexity of the dependencies of open source software, when using open source software there may be compliance and compatibility risks among the licenses of different open source software, and unreasonable use of open source licenses may leave many legal risks for enterprises, resulting in intellectual property risk.


Embodiment Construction

[0047] The specific embodiments of the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. The following examples are used to illustrate the present invention, but are not intended to limit its scope.

[0048] As shown in Figures 1 to 6, the security and compliance governance method for open source components is characterized in that it includes the following steps:

[0049] Step 1: construct the knowledge base. The acquisition module collects vulnerability characteristics from multiple channels through distributed crawlers, anti-crawler bypass and update strategies; the vulnerability characteristics include one or more of CVE number, title, type, solution, component name, version and license information. The manual import module can be used to import specific component information and basic vulnerability information data, satisfying the dat...


Abstract

The invention relates to a security and compliance treatment method suitable for an open source component. The method comprises the steps of: 1, constructing a knowledge base, scanning a dependency configuration file, forming a component list and establishing a component relation tree; 2, searching for dependency components with vulnerabilities and analyzing them; and 3, providing a vulnerability repair scheme and a dynamic repair scheme for the component. Therefore, open source dependency components and open source licenses are supported, and automatic identification and security and compliance analysis can be carried out. A component relationship tree is established from the dependency relationships among the components, so that examination and management can be performed. Detection of vulnerability conditions associated with the component is supported. A dynamic repair scheme can be provided, and automatic repair is also supported. Vulnerabilities are continuously tracked and monitored, so that the security of products can be ensured. The method can adapt to agile development, CI/CD tools can be integrated, security is shifted left, development efficiency is improved, and development cost is reduced.
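The three steps of the abstract carried through as an added example (not code from the patent or its assignee): a constructed lock-file-style dependency configuration is turned into a component list and relation tree, matched against a constructed knowledge base of vulnerability records, and each finding receives a repair scheme. The component names, versions and CVE-style identifiers are placeholders.

```python
# Added example (not code from the patent or its assignee): a minimal form of the
# method the abstract describes, built from a constructed dependency configuration
# and a constructed knowledge base. All names, versions and CVE-style ids are made up.
def parse_version(v):
    return tuple(int(p) for p in v.split("."))  # numeric compare: "2.10.0" > "2.9.1"

# Step 1: knowledge base records (CVE number, type, component, affected/fixed version, license).
KNOWLEDGE_BASE = [
    {"cve": "CVE-0000-0001", "component": "libparse", "type": "deserialization", "affected_below": "2.4.1", "fix": "2.4.1", "license": "MIT"},
    {"cve": "CVE-0000-0002", "component": "cryptoutil", "type": "weak-crypto", "affected_below": "1.9.0", "fix": "1.9.0", "license": "Apache-2.0"},
]

# Constructed dependency configuration in lock-file form: "name@version" -> direct dependencies.
LOCKFILE = {
    "app@1.0.0": ["webfw@3.2.0", "cryptoutil@1.8.0"],
    "webfw@3.2.0": ["libparse@2.3.7", "logger@1.1.0"],
    "libparse@2.3.7": [], "logger@1.1.0": [], "cryptoutil@1.8.0": [],
}

def build_relation_tree(lock, root):
    """Component list and relation tree: {component: parent} for everything reachable from root."""
    parents, stack = {root: None}, [root]
    while stack:
        node = stack.pop()
        for child in lock.get(node, []):
            if child not in parents:  # first parent seen wins; cycles cannot loop forever
                parents[child] = node
                stack.append(child)
    return parents

def dependency_path(parents, node):
    """Root-to-node chain; for a transitive finding, path[1] is the direct dependency to bump."""
    path = [node]
    while parents[path[-1]] is not None:
        path.append(parents[path[-1]])
    return path[::-1]

def find_vulnerable(lock, root, kb):
    """Steps 2 and 3: locate vulnerable components and attach a repair scheme to each."""
    parents, findings = build_relation_tree(lock, root), []
    for comp in parents:
        name, version = comp.split("@")
        for rec in kb:
            if rec["component"] == name and parse_version(version) < parse_version(rec["affected_below"]):
                path = dependency_path(parents, comp)
                repair = f"upgrade {name} to >= {rec['fix']}"
                if len(path) > 2:  # transitive: the fix has to flow through the direct dependency
                    repair += f" by bumping or overriding direct dependency {path[1]}"
                findings.append({"cve": rec["cve"], "component": comp, "path": path, "repair": repair})
    return findings
```

The relation tree is what turns a bare "vulnerable version present" match into an actionable fix, because a transitive component cannot be upgraded without touching the direct dependency that pulls it in.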

Description

Technical field

[0001] The invention relates to a governance processing method for open source components, in particular to a security and compliance governance method suitable for open source components.

Background art

[0002] Recently, with the increasing use of open source software, the use of open source components in system development has become popular. In 2019, the GitHub report pointed out that more than 3.6 million open source projects rely on one of the top 50 open source projects, and well-known projects such as rails/rails, facebook/jest and axios/axios are used by millions of other open source projects. At the same time, open source projects have an average of 180 third-party dependency components, and the number of dependency components in a specific project varies from a few to thousands. There are many advantages to relying on components, such as the source code being freely available and modifiable. In fact, many OSS (Open Source Software) components have high reliabi...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/57
CPC: G06F21/577, G06F2221/033
Inventors: 但吉兵, 唐忱, 罗敏
Owner: 苏州棱镜七彩信息科技有限公司