Method and System for Automatically Correlating Security Controls in end-to-end DevOps Deployment Pipeline

IP.com Disclosure Number: IPCOM000242098D
Publication Date: 2015-Jun-18
Document File: 2 page(s) / 97K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method and system to integrate and enforce pluggable discovery toolsets with security policies that are injected early in the DevOps development deployment pipeline. The method and system discover and apply security controls early in the software development lifecycle via pluggable Cloud Management Platforms/Orchestration toolsets.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 64% of the total text.

Orchestration/management platforms typically have some mechanism for attaching resource/component tags to the various resources in the environment. Correlating those tags with the discovered security policies required for installations provides a mechanism to then apply the appropriate security policy per component tag.

In accordance with the method and system disclosed herein, the setup process begins with pulling security policies into a Cloud Management Platform/Orchestration tool via a pluggable mechanism/toolset. Each security policy is given a tag corresponding to the component that the security policy covers. Similarly, any time a new component is being designed, the orchestration/management platform matches the installation on the planned (to-be) resource with the appropriate security tags previously identified.
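The tag correlation described above can be sketched as follows. This is an added example, not code from the disclosure: the policy ids, control texts, source functions, component names and the fail-closed `gate` are all assumptions, with the tags taken from the DB2 and WAS on Linux scenario.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    policy_id: str  # constructed identifier, not from the disclosure
    tag: str        # component tag this policy covers
    control: str    # the control to apply

# Each "source" stands in for one pluggable discovery toolset (hypothetical).
def os_baseline_source():
    yield Policy("POL-OS-1", "linux", "disable root SSH login")

def middleware_source():
    yield Policy("POL-DB-1", "db2", "require TLS for client connections")
    yield Policy("POL-AS-1", "was", "enable administrative security")
    yield Policy("POL-AS-2", "was", "remove sample applications")

def load_policies(sources):
    """Pull policies from every plugged-in source and index them by tag."""
    index = {}
    for source in sources:
        for policy in source():
            index.setdefault(policy.tag.lower(), []).append(policy)
    return index

def correlate(pattern, index):
    """Return (plan, uncovered): policy ids per component, and the
    (component, tag) pairs for which no policy was discovered."""
    plan, uncovered = {}, []
    for component, tags in pattern.items():
        matched = set()
        for tag in tags:
            hits = index.get(tag.lower(), [])
            if not hits:
                uncovered.append((component, tag))
            matched.update(p.policy_id for p in hits)
        plan[component] = sorted(matched)
    return plan, uncovered

def gate(pattern, index):
    """Assumed fail-closed behaviour: refuse a design with an uncovered tag."""
    plan, uncovered = correlate(pattern, index)
    if uncovered:
        raise ValueError(f"no security policy for: {uncovered}")
    return plan

SOURCES = [os_baseline_source, middleware_source]
# Constructed pattern modelled on the page's DB2 + WAS on Linux scenario.
PATTERN = {"db-server": ["db2", "linux"], "app-server": ["was", "linux"]}

if __name__ == "__main__":
    print(gate(PATTERN, load_policies(SOURCES)))
```

A component whose tag has no matching policy is reported in `uncovered`, which is the case worth surfacing at design time, before anything is deployed.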

Figure

The Figure illustrates an exemplary scenario wherein a user wants to build an application using patterns for a DB2 and WAS server (both on Linux). The user identifies the required components via the orchestrat...