DEVELOPER-FOCUSED CONTEXT-AWARE APPLICATION SECURITY PLATFORM
Main authors: | , |
---|---|
Format: | Patent |
Language: | eng |
Subjects: | |
Summary: In one aspect, a system that provides a context-aware code security solution within a continuous integration and continuous deployment (CI/CD) pipeline is disclosed. During operation, the system can receive a set of security vulnerabilities generated by a set of security tools incorporated with the CI/CD pipeline. The system further receives contextual data associated with the set of security vulnerabilities from a set of DevOps tools used by the CI/CD pipeline. Next, the system augments the set of security vulnerabilities with the received contextual data. The system next prioritizes the augmented security vulnerabilities to identify a subset of high-priority vulnerabilities within the set of security vulnerabilities. The system subsequently notifies the owners of the identified subset of high-priority vulnerabilities to cause the subset of high-priority vulnerabilities to be fixed by the owners.