Automated Vulnerability Check in Continuous Integration
نویسنده
چکیده
Context Using components with known vulnerabilities is still one of the most frequent causes for security incidents today [5]. It is of the essence, therefore, to possess a comprehensive overview of the software components utilized by the software, in order to mitigate the vulnerabilities they may withold prior to releasing the software. On the one hand, tools like Maven provide a reliable overview of the used components and libraries. On the other hand, entities like NIST through its National Vulnerability Database (NVD) provide the required information about existing security vulnerabilities. By augmenting the two breeds of tools/repositories we can address the problem at hand via highlighting the vulnerable components used by the software.
منابع مشابه
Peykan check, a simple continuous quality control method for hematology analyzers
A simple inexpensive con!nuous quality control method, by means of eight basic blood coun!ng parameters, obtained from automated hematology analyzers, using pa!ent samples, is described. A few samples with low, normal and high values were selected and introduced to the instrument early in the morning as the first count, the results of which are plo#ed on the appropriate chart as dots. The sa...
متن کاملبررسی آسیبپذیری سکونتگاهها در نواحی روستایی مطالعه مقایسه ای شهر فراغی و روستاهای سیلزده شرق استان گلستان
Study of vulnerability of settlements in rural areas A comparative study of salvage towns and villages in the eastern part of Golestan province There are important choices to be made after the various accidents and the numerous financial and psychological effects of rural settlements, including decisions on how to intervene in rural settlements and the adoption of reconstruction policies. This...
متن کاملAutomated Vulnerability Management of Computer Systems
With the continuous flood of vulnerabilities of computer systems, vulnerability management is a very important task for administrators to keep systems as secure as possible. However current manual vulnerability management by administrators is very time-consuming and error-prone. This paper proposes an open framework of automated vulnerability management that dramatically alleviates the burden o...
متن کاملTowards Automated Integration of Guess and Check Programs in Answer Set Programming
Reasoning (LPNMR-7), I. Niemelä and V. Lifschitz, editors, LNCS, c 2004 Springer. Towards Automated Integration of Guess and Check Programs in Answer Set Programming ? Thomas Eiter1 and Axel Polleres2 1 Institut für Informationssysteme, TU Wien, A-1040 Wien, Austria [email protected] 2 Institut für Informatik, Universität Innsbruck, A-6020 Innsbruck, Austria [email protected] Abstrac...
متن کاملARTENOLIS: Automated Reproducibility and Testing Environment for Licensed Software
Motivation: Automatically testing changes to code is an essential feature of continuous integration. For open-source code, without licensed dependencies, a variety of continuous integration services exist. The COnstraint-Based Reconstruction and Analysis (COBRA) Toolbox is a suite of open-source code for computational modelling with dependencies on licensed software. A novel automated framework...
متن کامل