Library scan for live applications

US 10,229,251 B1
Filed: 08/11/2016
Issued: 03/12/2019
Est. Priority Date: 08/11/2016
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

detecting a triggering event for scanning an application package deployed in a distributed computing platform for licensing information, the event providing an identifier of the application package;

identifying, in response to the triggering event and based on the identifier of the application package, a package manager that staged the application package in the distributed computing platform, wherein the package manager is configured to transform code of an application program into an executable component of the application package for the distributed computing platform;

obtaining, from the application package and the package manager, respective paths of a plurality of libraries of the application package;

determining a respective checksum of each respective path of each library of the plurality of libraries of the application package;

performing a name and version lookup in a library index database using each respective checksum to obtain a respective name and a respective version identifier for each library of the plurality of libraries of the application package, wherein the library index database stores checksums of a plurality of versions of a plurality of libraries;

obtaining, from a license database, respective content of a respective license or a respective authorization of each library using the respective name and respective version identifier obtained for the library;

determining, based on content of the licenses or authorizations, that the plurality of libraries of the application package include an unlicensed or unauthorized component; and

providing a notification of the unlicensed or unauthorized component for presentation on a client device,wherein the method is performed by one or more processors.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer-readable media for monitoring states of application packages deployed on a cloud-based application deployment platform. A notification service retrieves a copy of a deployed application package and metadata associated with the application package from the cloud-based deployment platform, and identifies libraries of the application package. The notification service can then determine which, if any, libraries are or will become out-of-date, and obtain license information about the libraries. The notification service can provide notifications of any outdated components and on license compatibilities or incompatibilities. The notification service can automatically restage the application package, or update the license, upon finding outdated components or license incompatibilities.

24 Citations

View as Search Results

15 Claims

1. A method, comprising:
- detecting a triggering event for scanning an application package deployed in a distributed computing platform for licensing information, the event providing an identifier of the application package;
  
  identifying, in response to the triggering event and based on the identifier of the application package, a package manager that staged the application package in the distributed computing platform, wherein the package manager is configured to transform code of an application program into an executable component of the application package for the distributed computing platform;
  
  obtaining, from the application package and the package manager, respective paths of a plurality of libraries of the application package;
  
  determining a respective checksum of each respective path of each library of the plurality of libraries of the application package;
  
  performing a name and version lookup in a library index database using each respective checksum to obtain a respective name and a respective version identifier for each library of the plurality of libraries of the application package, wherein the library index database stores checksums of a plurality of versions of a plurality of libraries;
  
  obtaining, from a license database, respective content of a respective license or a respective authorization of each library using the respective name and respective version identifier obtained for the library;
  
  determining, based on content of the licenses or authorizations, that the plurality of libraries of the application package include an unlicensed or unauthorized component; and
  
  providing a notification of the unlicensed or unauthorized component for presentation on a client device,wherein the method is performed by one or more processors.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein detecting the triggering event comprises receiving a request from a command line input specifying the application package.
  - 3. The method of claim 1, wherein obtaining the respective paths of the plurality of libraries comprises:
    - querying the package manager for the respective paths of the plurality of libraries of the application package.
  - 4. The method of claim 1, wherein determining that the plurality of libraries of the application package include an unlicensed or unauthorized component comprises:
    - retrieving, from the license database, a corresponding software license for each respective name and version identifier obtained for each of the plurality of libraries;
      
      comparing the retrieved licenses with stored rules, permissions, or authorizations to determine conflicts; and
      
      determining whether the plurality of libraries include an unlicensed or unauthorized component based on results of the comparing.
  - 5. The method of claim 1, wherein determining that the plurality of libraries of the application package include an unlicensed or unauthorized component comprises determining that the authorization has expired due to an update on the licenses or authorizations.
  - 6. The method of claim 5, wherein providing the notification comprises providing a user interface item for updating the licenses or authorizations.

7. A system comprising:
- one or more computers and one or more storage devices on which are stored instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising;
  
  detecting a triggering event for scanning an application package deployed in a distributed computing platform for licensing information, the event providing an identifier of the application package;
  
  identifying, in response to the triggering event and based on the identifier of the application package, a package manager that staged the application package in the distributed computing platform, wherein the package manage is configured to transform code of an application program into an executable component of the application package for the distributed computing platform;
  
  obtaining, from the application package and the package manager, respective paths of a plurality of libraries of the application package;
  
  determining a respective checksum of each respective path of each library of the plurality of libraries of the application package;
  
  performing a name and version lookup in a library index database using each respective checksum to obtain a respective name and a respective version identifier for each library of the plurality of libraries of the application package, wherein the library index database stores checksums of a plurality of versions of a plurality of libraries;
  
  obtaining, from a license database, respective content of a respective license or a respective authorization of each library using the respective name and respective version identifier obtained for the library;
  
  determining, based on content of the licenses or authorizations, that the plurality of libraries of the application package include an unlicensed or unauthorized component; and
  
  providing a notification of the unlicensed or unauthorized component for presentation on a client device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein detecting the triggering event comprises receiving a request from a command line input specifying the application package.
  - 9. The system of claim 7, wherein obtaining the respective paths of the plurality of of libraries comprises:
    - querying the package manager for the respective paths of the plurality of libraries of the application package.
  - 10. The system of claim 7, wherein determining that the plurality of libraries of the application package include an unlicensed or unauthorized component comprises:
    - retrieving, from the license database, a corresponding software license for each respective name and version identifier obtained for each of the plurality of libraries;
      
      comparing the retrieved licenses with stored rules, permissions, or authorizations to determine conflicts; and
      
      determining whether the plurality of libraries include an unlicensed or unauthorized component based on results of the comparing.
  - 11. The system of claim 7, wherein determining that the plurality of libraries of the application package include an unlicensed or unauthorized component comprises determining that the authorization has expired due to an update on the licenses or authorizations.
  - 12. The system of claim 11, wherein providing the notification comprises providing a user interface item for updating the licenses or authorizations.

13. A non-transitory storage device storing instructions that are operable, when executed by one or more computers, to cause the one or more computers to perform operations comprising:
- detecting a triggering event for scanning an application package deployed in a distributed computing platform for licensing information, the event providing an identifier of the application package;
  
  identifying, in response to the triggering event and based on the identifier of the application package, a package manager that staged the application package in the distributed computing platform, wherein the package manage is configured to transform code of an application program into an executable component of the application package for the distributed computing platform;
  
  obtaining, from the application package and the package manager, respective paths of a plurality of libraries of the application package;
  
  determining a respective checksum of each respective path of each library of the plurality of libraries of the application package;
  
  performing a name and version lookup in a library index database using each respective checksum to obtain a respective name and a respective version identifier for each library of the plurality of libraries of the application package, wherein the library index database stores checksums of a plurality of versions of a plurality of libraries;
  
  obtaining, from a license database, respective content of a respective license or a respective authorization of each library using the respective name and respective version identifier obtained for the library;
  
  determining, based on content of the licenses or authorizations, that the plurality of libraries of the application package include an unlicensed or unauthorized component; and
  
  providing a notification of the unlicensed or unauthorized component for presentation on a client device.
- View Dependent Claims (14, 15)
- - 14. The non-transitory storage device of claim 13, whereindetecting the triggering event comprises receiving a request from a command line input specifying the application package.
  - 15. The non-transitory storage device of claim 13, wherein obtaining the respective paths of the plurality of of libraries comprises:
    - querying the package manager for the respective paths of the plurality of libraries of the application package.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pivotal Software, Inc. (Broadcom, Inc.)
Original Assignee
Pivotal Software, Inc. (Broadcom, Inc.)
Inventors
Dalessio, Michael, Smith, Justin, Shahid, John, Wen, James, Jahn, David, Goddard, David E., Eckhardt, Forest, Kropf, Mark W., Bayer, James Thomas, Shroyer, Brandon, Gerritz, Kelly, Smith, Samuel E., Ramirez, Gabriel, Archie, Justin T., Jamali, Amin, Rosen, Daniel George
Primary Examiner(s)
Mehrmanesh, Amir

Application Number

US15/235,042
Time in Patent Office

943 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/1073   Conversion

G06F 21/121   Restricting unauthorised ex...

G06F 8/60   Software deployment

G06F 8/71   Version control security ar...

Library scan for live applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Library scan for live applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links