Component dependency relationship analysis method and system based on graph database

Abstract

The invention provides a graph database-based component dependency relationship analysis method and system. The method comprises the following steps of: obtaining a plurality of service files of a target object; respectively extracting a plurality of components in each service file; performing vulnerability detection on the target object to obtain vulnerabilities of the target object; constructing a graph model in the graph database, and importing the components and the vulnerabilities into the graph database; and receiving a query instruction containing the known vulnerability, and querying the graph database according to the query instruction to obtain a query result. According to the method, the concept of a graph is introduced for component management, and the problem that the security problems of component assets and component asset dependency chains are difficult to find, manage and analyze is effectively solved by combining various components and component dependency discovery and enrichment technologies.

Description

technical field [0001] The invention belongs to the technical field of network information security, and in particular relates to a method and system for analyzing component dependencies based on a graph database. Background technique [0002] A component mainly refers to an object entity that can complete some functional services and provide external functional services in a certain form (providing an interface or providing a running environment, etc.). Common manifestations include libraries, packages, web servers, frameworks and applications. Wait. Any kind of network service and application today can be understood as a more powerful set of components composed of multiple components with different basic functions through one or more association relationships. The promotion of this component concept greatly facilitates the development of various network services and applications. Developers do not need to repeatedly develop basic functional components, but only need to pu...

AI Technical Summary

Problems solved by technology

[0004] Aiming at the deficiencies in the prior art, the present invention provides a graph database-based component dependency analysis method and system, which solves the problem in the prior art that it is difficult to discover, manage and analyze the security issues of component assets and component asset dependency chains

Images