SYSTEMS AND METHODS FOR VERIFYING A SOFTWARE PRODUCT USING A SOFTWARE-SUPPLY-CHAIN-PROVENANCE VERIFICATION SERVICE

Bibliographic details
Main authors: Fox, Dan; Nielsen, Kasper; Miyake, Nicholas; Silver, Casey
Format: Patent
Language: eng
Description
Summary: In some examples, systems and methods for verifying a software product using a software-supply-chain-provenance verification service are provided. For example, a method includes: receiving, at the software-supply-chain-provenance verification service from a deployment management system, an indication of a first software product for verification; retrieving one or more artifacts associated with the first software product for verification; performing provenance verification on the one or more artifacts to generate one or more results; and sending the one or more results of the provenance verification and the indication of the first software product to the deployment management system. The deployment management system is configured to: determine whether the first software product satisfies a security policy of a release channel based at least in part on the one or more results of the provenance verification, and allow the first software product to be installed through the release channel.