A method and apparatus for application version update
By combining a distributed version control system and multi-tool scanning with the compilation method of the Maiven project object model, the problems of low compilation efficiency and insufficient security in existing technologies are solved, and an efficient and automated version update and compilation process is achieved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINA CONSTRUCTION BANK
- Filing Date
- 2023-01-09
- Publication Date
- 2026-06-09
AI Technical Summary
The current compilation and deployment process is inefficient, lacks automation, lacks code scanning of open-source components, cannot detect security issues in advance, and the compilation tools do not support personalized configurations, which affects the compilation success rate.
The source code is obtained using a distributed version control system, and various tools are used for static scanning, security scanning, and version scanning. Combined with the Maiven project object model, the code is compiled to achieve automated version updates.
It improves the security and readability of the source code, enhances compilation efficiency, supports simultaneous compilation of multiple projects, reduces resource waste, and ensures a smooth update process.
Smart Images

Figure CN116048579B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of big data technology, and in particular to a method and apparatus for application version updates. Background Technology
[0002] In the existing compilation and deployment process, a centralized version control system is usually used, which requires manual compilation of the source code uploaded by the coders. That is, the source code is obtained by manually executing the download script on the compilation machine, then clicking the compile button on the compilation software, waiting for the compilation to be completed, and then manually copying the compilation result. The compilation efficiency is low and the degree of automation is low.
[0003] Furthermore, the lack of code scanning for open-source components before compilation, coupled with the limited types of scans and tools available, makes it impossible to identify security issues in the source code, impacting compilation success rates. Additionally, existing compilation tools cannot support customized compilation processes; they cannot retrieve configuration files from different repositories for different projects, requiring manual selection of configuration files for successful compilation, resulting in low efficiency. Summary of the Invention
[0004] In view of this, embodiments of the present invention provide a method and apparatus for application version updates. Utilizing a distributed version control system to obtain source code, it enables rapid and automatic source code acquisition. Compared to manual acquisition or acquisition through a centralized version control system, the use of a local, unique version repository allows for real-time version updates and rollbacks. Simultaneously, before compilation, various tools are employed to perform static scanning, security scanning, and version scanning on the open-source components in the source code. By integrating multiple scanning methods, the security, readability, and reusability of the source code can be effectively improved, as well as the efficiency of compilation and version updates. Furthermore, embodiments of the present invention employ the Maiven project object model to compile the source code, enabling the setting up of separate repositories for reading configuration files for multiple different projects. This facilitates the synchronous compilation process of multiple projects, further improving compilation efficiency.
[0005] To achieve the above objectives, according to one aspect of the present invention, a method for application version updates is provided.
[0006] An application version update method according to an embodiment of the present invention includes: obtaining the source code corresponding to one or more applications on a server using a distributed version control system; performing static scanning, security scanning, and version scanning on the open source components in the source code using different tools; compiling the source code according to the scanning results and the Maiven project object model, and generating compilation results; and updating the version of one or more applications on the server according to the compilation results if the compilation results indicate successful compilation.
[0007] Optionally, the step of using different tools to perform static scanning, vulnerability scanning, and version scanning on the open-source components in the source code includes: compressing the source code to obtain a compressed package; downloading script data from the scanning server using an automatic download command; calling the script data to create a scanning task; and scanning the compressed package according to the scanning task.
[0008] Optionally, the method further includes: when using the first tool for static scanning, downloading first script data corresponding to the first tool from the scanning server via the automatic download command; invoking the first script data to create a static scanning task, and performing a static scan on the compressed package according to the static scanning task.
[0009] Optionally, the method further includes: when using the second tool for security scanning, downloading second script data corresponding to the second tool from the scanning server via the automatic download command; invoking the second script data to create a security scanning task, and performing a security scan on the compressed package according to the security scanning task.
[0010] Optionally, the method further includes: when using a vulnerability scanning tool for open-source components to perform version scanning, downloading third script data corresponding to the vulnerability scanning tool from the scanning server via the automatic download command; invoking the third script data to create a security scanning task, and performing version scanning on the compressed package according to the security scanning task.
[0011] Optionally, the step of compiling the source code based on the scan results and the Maiven Project Object Model, and generating a compilation result, includes: obtaining a configuration file and a Java file storing the source code using the Maiven Project Object Model; compiling the source code based on the configuration file and the Java file, and generating a compilation result.
[0012] Optionally, when there are multiple servers, the step of updating one or more applications on the servers according to the compilation result when the compilation result indicates successful compilation includes: repeatedly executing the following steps until the applications on the multiple servers have completed the version update: determining one or more target servers to be updated from the multiple servers and sending the compilation result to the target server; using the target server to parse the compilation result and determining the application deployment directory according to the parsing result, so as to update the application on the target server according to the application deployment directory; after the target server completes the update, re-determining the target server from the services that have never been updated.
[0013] Optionally, the step of parsing the compilation result using the target server and determining the application deployment directory based on the parsing result includes: backing up the historical application deployment directory on the target server; parsing the compilation result using the target server and updating the historical application deployment directory based on the parsing result to obtain the application deployment directory.
[0014] Optionally, the method further includes: stopping the application service on the target server before parsing the compilation result using the target server; and restarting the application service on the target server after obtaining the application deployment directory.
[0015] Optionally, after restarting the application service on the target server, the method further includes: calling a test script to test the application service, and if the test result shows that the application service is running normally, deploying the target server online to provide the application service to the outside world.
[0016] Optionally, the method further includes: determining a first user corresponding to the source code; after performing static scanning, security scanning, and version scanning on the source code, the method further includes: sending the scan results to the first user so that the first user can optimize the source code based on the scan results.
[0017] Optionally, the method further includes: determining a second user corresponding to the test script; and after the test script is invoked to test the application service, the method further includes: sending the test results to the second user so that the second user can optimize the test process based on the test results.
[0018] Optionally, obtaining the source code corresponding to one or more applications on the server using a distributed version control system includes: obtaining the source code from the corresponding code hosting service using a distributed version control system.
[0019] To achieve the above objectives, according to another aspect of the present invention, an apparatus for application version updates is provided.
[0020] An application version update apparatus according to an embodiment of the present invention includes: an acquisition module, used to acquire source code corresponding to one or more applications on a server using a distributed version control system; a scanning module, used to perform static scanning, security scanning, and version scanning on the source code; a compilation module, used to compile the source code according to the scanning results and generate compilation results; and an update module, used to update the version of one or more applications on the server according to the compilation results if the compilation results indicate successful compilation.
[0021] To achieve the above objectives, according to another aspect of the present invention, an electronic device for application version updates is provided.
[0022] An electronic device for application version updates according to an embodiment of the present invention includes: one or more processors; and a storage device for storing one or more programs, wherein when the one or more programs are executed by the one or more processors, the one or more processors implement an application version update method according to an embodiment of the present invention.
[0023] To achieve the above objectives, according to another aspect of the present invention, a computer-readable storage medium is provided.
[0024] An embodiment of the present invention provides a computer-readable storage medium having a computer program stored thereon, wherein the program, when executed by a processor, implements a method for updating an application version according to an embodiment of the present invention.
[0025] One embodiment of the above invention has the following advantages or beneficial effects: Utilizing a distributed version control system to obtain source code enables rapid and automatic acquisition. Compared to manual acquisition or acquisition through a centralized version control system, the use of a local, unique version repository allows for timely version updates and rollbacks. Furthermore, employing various tools to perform static scanning, security scanning, and version scanning on the open-source components before compilation, and integrating these methods, effectively improves the security, readability, and reusability of the source code, as well as the efficiency of compilation and version updates. Additionally, this embodiment uses the Maiven project object model to compile the source code, allowing for the setting up of separate repositories for reading configuration files for multiple different projects, facilitating the synchronous compilation process of multiple projects and further improving compilation efficiency.
[0026] The further effects of the aforementioned unconventional alternative methods will be explained below in conjunction with specific implementation methods. Attached Figure Description
[0027] The accompanying drawings are provided to better understand the invention and are not intended to unduly limit the scope of the invention. Wherein:
[0028] Figure 1 This is a flowchart illustrating an application version update method according to an embodiment of the present invention;
[0029] Figure 2 This is a flowchart illustrating various scanning processes according to embodiments of the present invention;
[0030] Figure 3 This is a schematic diagram of the process after scanning is completed according to an embodiment of the present invention;
[0031] Figure 4This is a flowchart illustrating the compilation process according to an embodiment of the present invention;
[0032] Figure 5 This is a schematic diagram illustrating the process of version updates on multiple servers according to an embodiment of the present invention;
[0033] Figure 6 This is a flowchart illustrating the specific process of version update on the target server according to an embodiment of the present invention;
[0034] Figure 7 This is a schematic diagram of the process of testing the updated version on the target server according to an embodiment of the present invention;
[0035] Figure 8 This is a schematic diagram of the main modules of an application version update device according to an embodiment of the present invention;
[0036] Figure 9 This is an exemplary system architecture diagram in which embodiments of the present invention can be applied;
[0037] Figure 10 This is a schematic diagram of the structure of a computer system suitable for implementing terminal devices or servers of the present invention. Detailed Implementation
[0038] The following description, in conjunction with the accompanying drawings, illustrates exemplary embodiments of the present invention, including various details to aid understanding. These details should be considered merely exemplary. Therefore, those skilled in the art will recognize that various changes and modifications can be made to the embodiments described herein without departing from the scope and spirit of the invention. Similarly, for clarity and brevity, descriptions of well-known functions and structures are omitted in the following description.
[0039] It should be noted that, unless otherwise specified, the embodiments of the present invention and the technical features thereof can be combined with each other.
[0040] It should be noted that the acquisition, storage, use, and processing of data in this application comply with the relevant provisions of national laws and regulations. The acquisition, storage, and application of user personal information involved also comply with the relevant laws and regulations and do not violate public order and good morals.
[0041] Figure 1 This is a schematic diagram illustrating the main steps of an application version update method according to an embodiment of the present invention.
[0042] like Figure 1 As shown, the application version update method of this invention mainly includes the following steps:
[0043] Step S101: Use a distributed version control system to obtain the source code corresponding to one or more applications on the server;
[0044] Step S102: Use different tools to perform static scanning, security scanning, and version scanning on the open-source components in the source code;
[0045] Step S103: Compile the source code based on the scan results and the Maiven project object model, and generate the compilation results;
[0046] Step S104: If the compilation result indicates successful compilation, update the version of one or more applications on the server according to the compilation result.
[0047] In step S101, a distributed version control system, such as Git, uses the `git` command to pull source code. Compared to the existing centralized version control system SVN, a distributed version control system has a local repository, allowing for version updates and rollbacks at any time, and easily establishing main branches. Furthermore, pulling source code from the repository is faster, and it allows specifying a repository and interacting with different remote repositories, resulting in higher efficiency. In an optional embodiment, step S101 further includes: using the distributed version control system to obtain the source code from a corresponding code hosting service. The code hosting service, such as the Gitee platform, is a Git-based code hosting and development collaboration platform that is compatible with Git version control tools.
[0048] In an optional embodiment, steps S101 to S103 are completed on the compilation server, and the server in step S104 refers to the application server that needs to update the application version.
[0049] In an optional embodiment, step S102 can be as follows: Figure 2 As shown, it specifically includes:
[0050] Step S201: Compress the source code to obtain a compressed package;
[0051] Step S202: Download script data from the scanning server using an automatic download command;
[0052] Step S203: Call the script data to create a scan task, and scan the compressed package according to the scan task.
[0053] Specifically, compressing the source code can reduce the number of files scanned and improve scanning efficiency. The automatic download command in step S202 can be the wget command in Linux systems. Executing the wget command automatically downloads the corresponding script data from the scanning server. The downloaded script data and the scan tasks executed differ for the three different scanning processes: static scanning, vulnerability scanning, and version scanning. The following provides a detailed explanation of each of the three scanning processes.
[0054] In an optional embodiment, when using the first tool for static scanning, a first script data corresponding to the first tool is downloaded from the scanning server via an automatic download command; a static scanning task is created by calling the first script data, and a static scan is performed on the compressed package according to the static scanning task. The first tool can be the open-source scanning tool SonarQube, which, compared to other code static scanning tools, can quickly query and locate problems that are difficult to locate, such as null pointer exceptions (i.e., the scanned object was not null-checked before use), memory leaks, and potential vulnerabilities (vulnerabilities that may occur when member variables are defined as public).
[0055] In another optional embodiment, when using a second tool for security scanning, a second script data corresponding to the second tool is downloaded from the scanning server via an automatic download command; the second script data is invoked to create a security scan task, and the compressed package is scanned according to the security scan task. The second tool can be Fortify, and the specific scanning process is as follows: First, the front-end language code (such as JAVA, C / C++ source code) is converted into an intermediate media file, NST (Normal Syntax Tree), by calling the language's compiler or interpreter, clarifying the calling methods, execution environment, and context between the source code. Then, the NST format file is analyzed using five major analysis engines, matching vulnerability characteristics in all rule bases, scanning for vulnerabilities, and finally generating an FPR format result file containing detailed vulnerability information. Compared to other security scanning tools, it supports the most code languages, has a fast scanning speed, and a comprehensive range of vulnerability types, capable of scanning millions of lines of code and approximately 300 vulnerabilities within minutes. Furthermore, the FPR format result file can categorize security vulnerabilities into 8 major categories and 300 subcategories, while also providing modification suggestions. It greatly reduces the time spent on code auditing, testing, and evaluation, saves costs by identifying and fixing vulnerabilities early in software development, and reduces time and maintenance costs.
[0056] In a further optional embodiment, when using a vulnerability scanning tool for open-source components to perform version scanning, a third script data corresponding to the vulnerability scanning tool is downloaded from the scanning server via an automatic download command; a security scan task is created by calling the third script data, and a version scan is performed on the compressed package according to the security scan task. The specific vulnerability scanning tool selected in this invention for open-source components is the QAXOSS open-source vulnerability scanning component provided by the QiAnXin Open Source Guardian platform, which performs security scans on the source code versions and, compared to other database tools, provides better visibility when running open-source components.
[0057] By using the three scanning processes described above and selecting specific scanning tools, different scanning tasks can be completed efficiently while ensuring compatibility. This allows for the screening of various risks before compiling the source code, thereby improving the success rate and accuracy of subsequent code compilation.
[0058] After the scanning process is completed, in one optional embodiment, it may also be as follows: Figure 3 As shown, it includes:
[0059] Step S301: Determine the first user corresponding to the source code;
[0060] Step S302: Send the scan results to the first user so that the first user can optimize the source code based on the scan results.
[0061] In this system, the first user can be the source code writer, and the scan results include static scan results, security scan results, and version scan results, allowing the source code writer to optimize the source code based on the three scan results for different problems. In an optional embodiment, the system may further include receiving a termination command from the first user to stop compiling the source code. That is, if the first user receives scan results indicating significant writing problems in the source code that do not require further compilation, they can directly send a termination command to stop subsequent compilation work, reducing unnecessary resource waste.
[0062] In an optional embodiment, the compilation process in step S103 can be as follows: Figure 4 As shown, it includes:
[0063] Step S401: Use the Maiven project object model to obtain the configuration file and the Java file storing the source code;
[0064] Step S402: Compile the source code according to the configuration file and Java file, and generate the compilation result.
[0065] Among them, the Maven Project Object Model is a mainstream compilation tool in the industry, suitable for situations where the Java package dependencies between multiple applications are complex. By manually writing the root pom.xml file, you can define the Maven repository corresponding to each source code. This allows each Maven project to obtain the dependency JARs it needs from the same Maven repository, or from multiple different remote public repositories or project-specific repositories. It offers a high degree of personalization and saves disk resources.
[0066] The compilation result may indicate success or failure. In one optional embodiment, if the compilation result indicates failure, the result is sent back to the first user, and subsequent steps are terminated, ending the process. Deployment and version updates to the server will only proceed if the compilation is successful.
[0067] In an optional embodiment, there can be multiple servers, meaning that the application needs to be updated on multiple servers. In this case, step S104 can be as follows: Figure 5 As shown, the following steps are executed repeatedly until the applications on multiple servers have completed their version updates:
[0068] Step S501: Determine one or more target servers to be updated from multiple servers, and send the compilation results to the target servers;
[0069] Step S502: Use the target server to parse the compilation results and determine the application deployment directory based on the parsing results, so as to update the application on the target server according to the application deployment directory;
[0070] Step S503: After the target server completes the update, re-determine the target server from the services that have never been updated.
[0071] By first identifying a subset of target servers from multiple servers and updating those servers, it can be ensured that some servers continue to provide normal service during the update process. This phased update of all servers guarantees that applications on the servers can always provide services during the update process, allowing for a smooth version transition without user awareness. In an optional embodiment, HAProxy can be installed on multiple servers to achieve load balancing during the version update process. By configuring the HAProxy front-end and back-end, only one target server is updated at a time, allowing all servers to complete the version update sequentially without user awareness.
[0072] The specific process of version update in step S502 is actually completed by updating the application deployment directory, as follows: Figure 6 As shown, it includes:
[0073] Step S601: Back up the historical application deployment directory on the target server;
[0074] Step S602: Use the target server to parse the compilation results and update the historical application deployment directory according to the parsing results to obtain the application deployment directory.
[0075] Furthermore, to ensure the smooth update of application services on the server, in a further optional embodiment, the application services on the target server are stopped before the compilation results are parsed using the target server; and after the application deployment directory is obtained, the application services on the target server are restarted. This process ensures that the application on the target server is in a stopped state during the update process, reducing errors and ensuring the completeness of the update by resuming service after completion.
[0076] In a further optional embodiment, after restarting the application service on the target server, the method further includes: calling a test script to test the application service; and if the test result shows normal operation, deploying the target server online to provide the application service. In an even more optional embodiment, it is also necessary to call a test script to test the application service after restarting the application service on the target server and before deploying the target server online; and if the test result shows normal operation, deploying the target server online to provide the application service. That is, after updating the application deployment directory, the application service on the target server is restarted first, and then tested to see if the application service can provide services normally. If it can, the target server is then deployed online to avoid the updated application service failing to provide services normally. Meanwhile, during the testing process, such as... Figure 7 As shown, it may also include:
[0077] Step S701: Determine the second user corresponding to the test script;
[0078] Step S702: Send the test results to the second user so that the second user can optimize the test process based on the test results.
[0079] It should be noted that the first user and the second user in this invention can be the same or different. Typically, during version updates, the first user responsible for writing the source code and the second user responsible for writing the test scripts are different users, i.e., different responsible parties for the compilation and testing stages. If problems arise in their respective stages, the responsible party for that stage can be notified and feedback provided, allowing for timely adjustments to the version update process and minimizing unnecessary resource waste. In a further optional embodiment, after the target server is published online, the process may further include: sending the publication result to the first user and / or the second user.
[0080] According to the application version update method of this invention, source code is obtained using a distributed version control system, enabling rapid and automatic acquisition. Compared to manual acquisition or acquisition through a centralized version control system, the local version repository allows for timely version updates and rollbacks. Furthermore, before compilation, various tools are used to perform static scanning, security scanning, and version scanning on the open-source components in the source code. By integrating these multiple scanning methods, the security, readability, and reusability of the source code are effectively improved, along with the efficiency of compilation and version updates. Additionally, this invention employs the Maiven project object model for source code compilation, allowing for the establishment of separate repositories for reading configuration files for multiple different projects. This facilitates the synchronous compilation process of multiple projects, further improving compilation efficiency.
[0081] Figure 8 This is a schematic diagram of the main modules of an application version update device according to an embodiment of the present invention.
[0082] like Figure 8 As shown, the application version update device 800 of this embodiment includes:
[0083] Module 801 is used to obtain the source code of one or more applications on the server using a distributed version control system.
[0084] The scanning module 802 is used to perform static scanning, security scanning, and version scanning on the open-source components in the source code using different tools.
[0085] The compilation module 803 is used to compile the source code based on the scan results and the Maiven project object model, and generate the compilation results;
[0086] Update module 804 is used to update the version of one or more applications on the server based on the compilation result if the compilation result indicates that the compilation was successful.
[0087] In an optional embodiment, the scanning module 802 is further configured to: compress the source code to obtain a compressed package; download script data from the scanning server via an automatic download command; call the script data to create a scanning task; and scan the compressed package according to the scanning task.
[0088] In an optional embodiment, the scanning module 802 is further configured to, when performing static scanning using the first tool, download first script data corresponding to the first tool from the scanning server via the automatic download command; call the first script data to create a static scanning task; and perform static scanning on the compressed package according to the static scanning task.
[0089] In an optional embodiment, the scanning module 802 is further configured to, when performing a security scan using the second tool, download second script data corresponding to the second tool from the scanning server via the automatic download command; call the second script data to create a security scan task; and perform a security scan on the compressed package according to the security scan task.
[0090] In an optional embodiment, the scanning module 802 is further configured to, when performing version scanning using a vulnerability scanning tool for open-source components, download third script data corresponding to the vulnerability scanning tool from the scanning server via the automatic download command; call the third script data to create a security scanning task; and perform version scanning on the compressed package according to the security scanning task.
[0091] In an optional embodiment, the compilation module 803 is further configured to: obtain a configuration file and a Java file storing the source code using the Maiven project object model; compile the source code according to the configuration file and the Java file; and generate a compilation result.
[0092] In an optional embodiment, when there are multiple servers, the update module 804 is further configured to repeatedly execute the following steps until the applications on the multiple servers have completed version updates: determine one or more target servers to be updated from the multiple servers, and send the compilation result to the target server; parse the compilation result using the target server, and determine the application deployment directory according to the parsing result, so as to update the application on the target server according to the application deployment directory; after the target server completes the update, re-determine the target server from the services that have never been updated.
[0093] In an optional embodiment, the update module 804 is further configured to back up the historical application deployment directory on the target server; parse the compilation result using the target server; and update the historical application deployment directory according to the parsing result to obtain the application deployment directory.
[0094] In an optional embodiment, the update module 804 is further configured to: stop the application service on the target server before parsing the compilation result using the target server; and restart the application service on the target server after obtaining the application deployment directory.
[0095] In an optional embodiment, the update module 804 is further configured to, after restarting the application service on the target server, call a test script to test the application service, and if the test result shows that the application service is running normally, publish the target server online to provide the application service to the outside world.
[0096] In an optional embodiment, the apparatus further includes a sending module for determining a first user corresponding to the source code; after performing static scanning, security scanning, and version scanning on the source code, the apparatus further includes sending the scan results to the first user so that the first user can optimize the source code based on the scan results.
[0097] In an optional embodiment, the sending module is further configured to determine the second user corresponding to the test script; after the test script is invoked to test the application service, the module further includes sending the test results to the second user so that the second user can optimize the test process based on the test results.
[0098] In an optional embodiment, the acquisition module 801 is further configured to acquire the source code from the corresponding code hosting service using a distributed version control system.
[0099] The application version update apparatus according to embodiments of the present invention utilizes a distributed version control system to obtain source code, enabling rapid and automatic source code acquisition. Compared to manual acquisition or acquisition through a centralized version control system, the local version repository allows for timely version updates and rollbacks. Furthermore, before compilation, various tools are employed to perform static scanning, security scanning, and version scanning on the open-source components in the source code. By integrating these multiple scanning methods, the security, readability, and reusability of the source code are effectively improved, along with the efficiency of compilation and version updates. Additionally, embodiments of the present invention employ the Maiven project object model for compiling the source code, allowing for the establishment of separate repositories for reading configuration files for multiple different projects. This facilitates the synchronous compilation process of multiple projects, further enhancing compilation efficiency.
[0100] Figure 9 An exemplary system architecture 900 is shown, in which the method or apparatus for application version updates according to embodiments of the present invention can be applied.
[0101] like Figure 9 As shown, system architecture 900 may include a compilation server 901, a network 902, and application servers 903, 904, and 905. Network 902 serves as the medium for providing communication links between compilation server 901 and application servers 903, 904, and 905. Network 902 may include various connection types, such as wired or wireless communication links, or fiber optic cables, etc.
[0102] Compilation server 901 can be a server that provides various services, such as a backend management server that supports the acquired source code. The backend management server can perform processing such as compiling the received source code and send the processing results (such as compilation results) to application servers 903, 904, and 905.
[0103] It should be noted that the application version update method provided in this embodiment of the invention is generally executed by the compilation server 901, and correspondingly, the application version update device is generally set in the compilation server 901.
[0104] It should be understood that Figure 9 The number of terminal devices, networks, and servers shown is merely illustrative. Depending on implementation needs, any number of terminal devices, networks, and servers can be included.
[0105] The following is for reference. Figure 10 It shows a schematic diagram of the structure of a computer system 1000 suitable for implementing a terminal device of the present invention. Figure 10 The terminal device shown is merely an example and should not impose any limitations on the functionality and scope of use of the embodiments of the present invention.
[0106] like Figure 10 As shown, the computer system 1000 includes a central processing unit (CPU) 1001, which can perform various appropriate actions and processes according to a program stored in a read-only memory (ROM) 1002 or a program loaded from a storage section 1008 into a random access memory (RAM) 1003. The RAM 1003 also stores various programs and data required for the operation of the system 1000. The CPU 1001, ROM 1002, and RAM 1003 are interconnected via a bus 1004. An input / output (I / O) interface 1005 is also connected to the bus 1004.
[0107] The following components are connected to I / O interface 1005: an input section 1006 including a keyboard, mouse, etc.; an output section 1007 including a cathode ray tube (CRT), liquid crystal display (LCD), etc., and speakers, etc.; a storage section 1008 including a hard disk, etc.; and a communication section 1009 including a network interface card such as a LAN card, modem, etc. The communication section 1009 performs communication processing via a network such as the Internet. A drive 1010 is also connected to I / O interface 1005 as needed. A removable medium 1011, such as a disk, optical disk, magneto-optical disk, semiconductor memory, etc., is installed on drive 1010 as needed so that computer programs read from it can be installed into storage section 1008 as needed.
[0108] In particular, according to the embodiments disclosed in this invention, the processes described above with reference to the flowcharts can be implemented as computer software programs. For example, embodiments disclosed in this invention include a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for performing the methods shown in the flowcharts. In such embodiments, the computer program can be downloaded and installed from a network via communication section 1009, and / or installed from removable medium 1011. When the computer program is executed by central processing unit (CPU) 1001, it performs the functions defined in the system of this invention.
[0109] It should be noted that the computer-readable medium shown in this invention can be a computer-readable signal medium or a computer-readable storage medium, or any combination thereof. A computer-readable storage medium can be, for example,—but not limited to—an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of a computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination thereof. In this invention, a computer-readable storage medium can be any tangible medium containing or storing a program that can be used by or in conjunction with an instruction execution system, apparatus, or device. In this invention, a computer-readable signal medium can include a data signal propagated in baseband or as part of a carrier wave, carrying computer-readable program code. Such propagated data signals can take various forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination thereof. Computer-readable signal media can also be any computer-readable medium other than computer-readable storage media, which can send, propagate, or transmit a program for use by or in connection with an instruction execution system, apparatus, or device. The program code contained on the computer-readable medium can be transmitted using any suitable medium, including but not limited to: wireless, wire, optical fiber, RF, etc., or any suitable combination thereof.
[0110] The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present invention. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of code containing one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions indicated in the blocks may occur in a different order than those indicated in the drawings. For example, two consecutively indicated blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in a block diagram or flowchart, and combinations of blocks in a block diagram or flowchart, may be implemented using a dedicated hardware-based system that performs the specified function or operation, or using a combination of dedicated hardware and computer instructions.
[0111] The modules described in the embodiments of the present invention can be implemented in software or hardware. The described modules can also be housed in a processor; for example, a processor can be described as including an acquisition module, a scanning module, a compilation module, and an update module. The names of these modules do not necessarily limit the module itself; for example, the acquisition module can also be described as "a module that uses a distributed version control system to acquire the source code corresponding to one or more applications on a server."
[0112] In another aspect, the present invention also provides a computer-readable medium, which may be included in the device described in the above embodiments; or it may exist independently and not assembled into the device. The computer-readable medium carries one or more programs, which, when executed by the device, cause the device to: acquire source code corresponding to one or more applications on a server using a distributed version control system; perform static scanning, security scanning, and version scanning on the open-source components in the source code using different tools; compile the source code according to the scan results and the Maiven Project Object Model, and generate compilation results; and, if the compilation results indicate successful compilation, update the versions of one or more applications on the server according to the compilation results.
[0113] According to the technical solution of this invention, a distributed version control system is used to obtain source code, enabling rapid and automatic acquisition. Compared to manual acquisition or acquisition through a centralized version control system, the local version repository allows for timely version updates and rollbacks. Furthermore, before compilation, various tools are used to perform static scanning, security scanning, and version scanning on the open-source components in the source code. By integrating these multiple scanning methods, the security, readability, and reusability of the source code are effectively improved, as well as the efficiency of compilation and version updates. Additionally, this invention employs the Maiven project object model for compiling the source code, allowing for the setting up of separate repositories for reading configuration files for multiple different projects. This facilitates the synchronous compilation process of multiple projects, further improving compilation efficiency.
[0114] The specific embodiments described above do not constitute a limitation on the scope of protection of this invention. Those skilled in the art should understand that various modifications, combinations, sub-combinations, and substitutions can occur depending on design requirements and other factors. Any modifications, equivalent substitutions, and improvements made within the spirit and principles of this invention should be included within the scope of protection of this invention.
Claims
1. A method for application version updates, characterized in that, include: The source code of one or more applications on a server is obtained using a distributed version control system; the server refers to the application server that needs to update the application version. Different tools were used to perform static scanning, security scanning, and version scanning on the open-source components in the source code. The source code is compiled based on the scan results and the Maiven project object model, and the compilation results are generated. If the compilation result indicates successful compilation, update the version of one or more applications on the server based on the compilation result; In the case of multiple servers, if the compilation result indicates successful compilation, updating one or more applications on the servers according to the compilation result includes: Repeat the following steps until the applications on all the servers have completed their version updates: One or more target servers to be updated are determined from the plurality of servers, and the compilation results are sent to the target servers; The compilation result is parsed using the target server, and the application deployment directory is determined based on the parsing result, so as to update the application on the target server according to the application deployment directory; After the target server completes the update, the target server is re-determined from the services that have never been updated.
2. The method according to claim 1, characterized in that, The process of using different tools to perform static scanning, vulnerability scanning, and version scanning on the open-source components in the source code includes: The source code is compressed to obtain a compressed package; Download script data from the scanning server using an automatic download command; The script data is invoked to create a scan task, and the compressed package is scanned according to the scan task.
3. The method according to claim 2, characterized in that, include: When performing static scanning using the first tool, the first script data corresponding to the first tool is downloaded from the scanning server via the automatic download command; The first script data is invoked to create a static scan task, and the compressed package is statically scanned according to the static scan task.
4. The method according to claim 2, characterized in that, include: When using the second tool for security scanning, the second script data corresponding to the second tool is downloaded from the scanning server via the automatic download command; The second script data is invoked to create a security scan task, and the compressed package is scanned for security based on the security scan task.
5. The method according to claim 2, characterized in that, include: When using a vulnerability scanning tool for open-source components to perform version scanning, the third script data corresponding to the vulnerability scanning tool is downloaded from the scanning server via the automatic download command; The third script data is invoked to create a security scan task, and the compressed package is scanned for version based on the security scan task.
6. The method according to claim 1, characterized in that, The process of compiling the source code based on the scan results and the Maiven project object model, and generating the compilation results, includes: The configuration file and the Java file storing the source code are obtained using the Maiven project object model; The source code is compiled according to the configuration file and the Java file, and a compilation result is generated.
7. The method according to claim 1, characterized in that, The step of parsing the compilation result using the target server and determining the application deployment directory based on the parsing result includes: Back up the historical application deployment directory on the target server; The compilation result is parsed using the target server, and the historical application deployment directory is updated based on the parsing result to obtain the application deployment directory.
8. The method according to claim 7, characterized in that, Also includes: Before using the target server to parse the compilation results, stop the application services on the target server; After obtaining the application deployment directory, restart the application service on the target server.
9. The method according to claim 8, characterized in that, After restarting the application service on the target server, the following is also included: The application service is tested by calling a test script. If the test result shows that the application is running normally, the target server is deployed online to provide the application service to the public.
10. The method according to claim 9, characterized in that, Also includes: Determine the first user corresponding to the source code; After performing static scanning, security scanning, and version scanning on the source code, the method further includes: sending the scan results to the first user so that the first user can optimize the source code based on the scan results; And / or, The method further includes: determining the second user corresponding to the test script; after calling the test script to test the application service, the method further includes: sending the test results to the second user so that the second user can optimize the test process based on the test results.
11. The method according to claim 1, characterized in that, The method of obtaining the source code of one or more applications on the server using a distributed version control system includes: The source code is obtained from the corresponding code hosting service using a distributed version control system.
12. An apparatus for application version updates, characterized in that, include: The acquisition module is used to acquire the source code of one or more applications on the server using a distributed version control system. The server referred to here is the application server that requires application version updates; The scanning module is used to perform static scanning, security scanning, and version scanning on the open-source components in the source code using different tools. The compilation module is used to compile the source code based on the scan results and the Maiven project object model, and generate the compilation results; An update module is used to update the version of one or more applications on the server based on the compilation result if the compilation result indicates that the compilation was successful. In the case of multiple servers, the update module is further configured to repeatedly execute the following steps until the applications on the multiple servers have completed their version updates: One or more target servers to be updated are determined from the plurality of servers, and the compilation results are sent to the target servers; The compilation result is parsed using the target server, and the application deployment directory is determined based on the parsing result, so as to update the application on the target server according to the application deployment directory; After the target server completes the update, the target server is re-determined from the services that have never been updated.
13. The apparatus according to claim 12, characterized in that, The scanning module is further configured to: compress the source code to obtain a compressed package; download script data from the scanning server via an automatic download command; call the script data to create a scanning task; and scan the compressed package according to the scanning task.
14. The apparatus according to claim 13, characterized in that, The update module is also used to back up the historical application deployment directory on the target server; parse the compilation result using the target server, and update the historical application deployment directory according to the parsing result to obtain the application deployment directory.
15. An electronic device for application version updates, characterized in that, include: One or more processors; Storage device for storing one or more programs. When the one or more programs are executed by the one or more processors, the one or more processors implement the method as described in any one of claims 1-11.
16. A computer-readable medium having a computer program stored thereon, characterized in that, When the program is executed by the processor, it implements the method as described in any one of claims 1-11.
17. A computer program product, comprising a computer program, characterized in that, When the computer program is executed by a processor, it implements the method as described in any one of claims 1-11.