Huawei Cloud CodeArts' 12 major security protection mechanisms comprehensively protect the security of the software supply chain from end to end!

Cyber security incidents occur frequently around the world and cause companies heavy losses. In November 2021, the well-known log4j vulnerability affected as many as 60,000 open source software packages worldwide and more than 70% of companies. In March 2022, a large gas station service provider was hit by ransomware and was asked to pay a ransom of US$2 million in exchange for a decryptor.

To this end, relevant domestic regulations have been introduced to strengthen network security risk management and control. For example, in June 2023, the State Administration of Financial Supervision issued the "Notice on Strengthening Network and Data Security Management in Third-Party Cooperation" and reported multiple security risk incidents.

What causes these frequent security incidents? It is becoming increasingly difficult for software applications to comply with security regulatory requirements, and most of the problems stem from security risks in the software production process. Think of a kitchen: if the equipment is unhygienic and the production process is not standardized, food safety hazards follow, and the regulator investigates and reports them. Software is no different: if the production process has no security protection and is attacked from outside, the software produced is prone to security incidents and may even be ordered off the shelves for violating regulations.

Huawei Cloud CodeArts launched a software supply chain security solution that adds corresponding protection mechanisms to 12 security threat points in the software workflow.

  1. Code inspection prevents developers from writing unsafe code;
  2. Code inspection, manual review in the code repository, and permission control prevent the submission of unsafe code;
  3. Access control policies, code repository security protection, and security scanning prevent the code management system from being compromised and ensure that the code is trustworthy;
  4. Isolating and sealing the automated build process and its build environment prevents the build from being maliciously modified;
  5. Fine-grained permission control prevents the CI/CD integration and delivery pipeline from being maliciously compromised;
  6. Open source governance and software composition analysis ensure trustworthy dependencies and prevent wrong dependencies and dependencies that have been maliciously poisoned;
  7. A fully closed, automated continuous integration and delivery pipeline with build traceability prevents CI/CD from being maliciously bypassed;
  8. Permission access control and artifact repository integrity protection prevent the package management system from being compromised;
  9. Artifact security scanning and integrity checking prevent the use of incorrect packages during version release;
  10. Permission access control and automated deployment prevent the deployment process from being tampered with;
  11. Verifying the integrity of the deployment package during deployment prevents tampering with, or non-compliance of, the deployed content;
  12. Runtime vulnerability checking and vulnerability blocking prevent the exploitation of vulnerabilities at runtime.
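To make points 9 and 11 concrete, here is an added example of the kind of integrity check a deployment step performs before it accepts a release. It is illustrative code written for this article, not CodeArts' own implementation: it assumes a build-side manifest of SHA-256 digests signed with an HMAC key shared between the build pipeline and the deployer (a stand-in for whatever signing scheme a real artifact repository uses), and the artifact names and bytes are constructed sample data.

```python
import hashlib
import hmac
import json

# Constructed sample release key shared by the build pipeline and the deployer.
# In a real pipeline this comes from a secrets manager, never from source code.
RELEASE_KEY = b"example-release-signing-key"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(entries: dict) -> bytes:
    # Stable serialization so the signature covers exactly what the verifier recomputes.
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(artifacts: dict[str, bytes], key: bytes = RELEASE_KEY) -> dict:
    """Build side: record each artifact's digest and sign the whole manifest."""
    entries = {name: sha256_hex(blob) for name, blob in sorted(artifacts.items())}
    sig = hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()
    return {"entries": entries, "sig": sig}


def verify_deployment(manifest: dict, artifacts: dict[str, bytes],
                      key: bytes = RELEASE_KEY) -> tuple[bool, str]:
    """Deploy side: accept the release only if the manifest is authentic and
    every artifact matches it. Returns (accepted, reason)."""
    entries = manifest.get("entries", {})
    expected_sig = hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()
    # Check the manifest signature first; an unsigned digest list proves nothing.
    if not hmac.compare_digest(expected_sig, manifest.get("sig", "")):
        return False, "manifest signature invalid"
    # The artifact set must match exactly: missing files and extra files are both rejected.
    if set(entries) != set(artifacts):
        return False, "artifact set does not match manifest"
    for name, digest in entries.items():
        if not hmac.compare_digest(digest, sha256_hex(artifacts[name])):
            return False, f"digest mismatch for {name}"
    return True, "ok"


# Constructed sample build output (not a real jar).
BUILD_OUTPUT = {
    "app.jar": b"PK\x03\x04 constructed jar bytes",
    "config.yaml": b"debug: false\n",
}
MANIFEST = sign_manifest(BUILD_OUTPUT)


def demo() -> dict:
    """Run the verifier against a clean release and three tampering scenarios."""
    results = {"clean": verify_deployment(MANIFEST, BUILD_OUTPUT)}

    # 1. An artifact is altered after the build but the manifest is left alone.
    tampered = dict(BUILD_OUTPUT, **{"config.yaml": b"debug: true\n"})
    results["tampered_artifact"] = verify_deployment(MANIFEST, tampered)

    # 2. The attacker also edits the manifest digest but cannot re-sign it.
    forged = json.loads(json.dumps(MANIFEST))
    forged["entries"]["config.yaml"] = sha256_hex(b"debug: true\n")
    results["forged_manifest"] = verify_deployment(forged, tampered)

    # 3. An unlisted file is slipped into the deployment package.
    extra = dict(BUILD_OUTPUT, **{"extra.sh": b"# constructed unlisted file\n"})
    results["extra_file"] = verify_deployment(MANIFEST, extra)
    return results


if __name__ == "__main__":
    for case, (accepted, reason) in demo().items():
        print(f"{case:18s} accepted={accepted} ({reason})")
```

The order of the checks matters: the signature is verified before any digest is compared, so a manifest that was edited alongside the artifact is rejected outright, and the exact-set comparison catches files that were added to the package without appearing in the manifest at all.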

These 12 security protection points comprehensively protect software production and operation. In the log4j case they supported a rapid response: the vulnerability was detected within 24 hours, traceability verification of all related artifacts was completed within 48 hours, and a total of 179 affected artifacts were traced. The Huawei Cloud CodeArts supply chain security solution provides end-to-end protection, ensures the production of "safe software", reduces the risk of enterprise application security incidents, and helps enterprise applications pass the protection compliance inspection.

Try CodeArts for free: https://www.huaweicloud.com/devcloud/

Click to follow and learn about Huawei Cloud’s new technologies as soon as possible~



Origin my.oschina.net/u/4526289/blog/11183157