METHOD AND SYSTEM FOR CONTROLLING SOFTWARE RISKS FOR SOFTWARE DEVELOPMENT
Abstract
A computer system, method, or computer-readable medium controls a potentially unacceptable software component intended for a software repository. A pre-defined application or repository policy associated with the repository or application pre-defines risks and, for each of the risks, an action to take for the risk. The action can be a pass action or a does-not-pass action, which are pre-defined programmatic steps also defined in the policy. When the component is not new to the repository or the application, the component is passed through for the usual handling. When the component is new, risks are determined that match the software component; for risks which match, the actions are taken as defined in the pre-defined policy. The pass action can include adding the software component to the software repository. The does-not-pass action is followed for a component that does not pass as a potentially unacceptable software component.
20 Claims
1. A computer-implemented method of controlling a potentially unacceptable software component intended for a repository environment which includes a software repository, comprising:
- providing, in a policy storage, a pre-defined repository policy associated with the repository environment, the pre-defined repository policy defines risks and, for each of the risks, an action to take for the risk, wherein the actions to take for the risk are selected from at least a pass action and a does-not-pass action, wherein the actions are pre-defined programmatic steps;
- determining, by a processor, responsive to receiving a request for a software component, whether the software component which is requested is new to the software repository;
- when the software component is determined to not be new to the software repository:
  - passing, by the processor, the software component through;
- when the software component is determined to be new to the software repository:
  - determining, by the processor, from a risk match unit, risks which match the software component;
  - evaluating, by the processor, the risks which were determined to match the software component, to determine the actions, as defined in the pre-defined repository policy, to take for the risks determined to match the software component;
  - following, by the processor, the pass action, defined in the pre-defined repository policy, for components that are determined to pass, wherein the pass action includes to add the software component to the software repository, when the risk of the software component is evaluated to pass the pre-defined repository policy;
  - following, by the processor, the does-not-pass action, defined in the pre-defined repository policy, for components that are determined to not pass as a potentially unacceptable software component, when the risk of the software component is evaluated to not pass the pre-defined repository policy.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A computer-implemented method of controlling a potentially unacceptable software component intended for a repository environment which includes a software repository, comprising:
- providing, in a policy storage, a pre-defined application policy associated with both the repository environment and an application, the pre-defined application policy is different from a policy associated with the repository and the pre-defined application policy can be different from policies associated with other applications, the pre-defined application policy defines risks and, for each of the risks, an action to take for the risk, wherein the actions to take for the risk are selected from at least a pass action and a does-not-pass action, wherein the actions are pre-defined programmatic steps;
- determining, by a processor, responsive to a commit asset action or build action for the application that includes software components, for each of the software components, whether the software component which is requested is new to the application;
- when the software component is determined to not be new to the application:
  - passing, by the processor, the software component through;
- when the software component is determined to be new to the application:
  - determining, by the processor, from a risk match unit, risks which match the software component;
  - evaluating, by the processor, the risks which were determined to match the software component, to determine the actions, as defined in the pre-defined application policy, to take for the risks determined to match the software component;
  - following, by the processor, the pass action, defined in the pre-defined application policy, for components that are determined to pass, wherein the pass action includes to add the software component to the software repository, when the risk of the software component is evaluated to pass the pre-defined application policy;
  - following, by the processor, the does-not-pass action, defined in the pre-defined repository policy, for components that are determined to not pass as a potentially unacceptable software component, when the risk of the software component is evaluated to not pass the pre-defined application policy.
(Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20)
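The gating procedure of claims 1 and 11, as an added illustration that is not part of the patent and not code from its assignee or any product: a request for a component is passed through when the component is already known, and otherwise the risk match unit is consulted, the matched risks are evaluated against the policy, and either the pass action (add to the repository) or the does-not-pass action is followed. Claim 11 differs only in what "new" is judged against (the application rather than the repository) and in which policy applies (the application's own), so one shared gate serves both. Everything concrete here is an assumption of the example: the `Action` enum, the three risk predicates, the quarantine list used as the does-not-pass action, the rule that a component passes unless some matched risk is mapped to does-not-pass, and the sample components with their placeholder vulnerability id.

```python
"""Policy-gated intake of software components (added example, not from the patent)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Set, Tuple


class Action(Enum):
    """The two pre-defined programmatic steps a policy can attach to a risk."""
    PASS = "pass"
    DOES_NOT_PASS = "does-not-pass"


@dataclass(frozen=True)
class Component:
    """A requested software component; the fields are an assumption of this example."""
    name: str
    version: str
    license: str
    known_vulns: Tuple[str, ...] = ()


# The "risk match unit": named predicates saying whether a risk applies to a component.
# The three risks are constructed for the example.
RISK_MATCHERS: Dict[str, Callable[[Component], bool]] = {
    "known-vulnerability": lambda c: len(c.known_vulns) > 0,
    "copyleft-license": lambda c: c.license in {"GPL-3.0", "AGPL-3.0"},
    "unknown-license": lambda c: c.license in ("", "UNKNOWN"),
}


@dataclass
class Policy:
    """Pre-defined policy: for each risk, the action to take. Risks it does not mention pass."""
    name: str
    actions: Dict[str, Action]


@dataclass
class Repository:
    """Repository contents plus the quarantine the does-not-pass action feeds (assumed)."""
    stored: Set[Tuple[str, str]] = field(default_factory=set)
    quarantined: List[Tuple[str, str, List[str]]] = field(default_factory=list)

    def contains(self, component: Component) -> bool:
        return (component.name, component.version) in self.stored


def match_risks(component: Component) -> List[str]:
    """Risks which match the component, in the order the matchers are declared."""
    return [risk for risk, matches in RISK_MATCHERS.items() if matches(component)]


def evaluate(policy: Policy, risks: List[str]) -> Action:
    """Assumed rule: a component passes unless a matched risk is mapped to does-not-pass."""
    outcomes = [policy.actions.get(risk, Action.PASS) for risk in risks]
    return Action.DOES_NOT_PASS if Action.DOES_NOT_PASS in outcomes else Action.PASS


def admit(repo: Repository, policy: Policy, component: Component,
          known: Set[Tuple[str, str]]) -> Tuple[str, List[str]]:
    """Shared gate; `known` is the set the component is tested for newness against."""
    key = (component.name, component.version)
    if key in known:
        return "passed-through", []          # not new: usual handling, no re-evaluation
    risks = match_risks(component)
    if evaluate(policy, risks) is Action.PASS:
        repo.stored.add(key)                 # pass action: add to the software repository
        known.add(key)
        return "added", risks
    repo.quarantined.append((component.name, component.version, risks))  # does-not-pass action
    return "quarantined", risks


def handle_request(repo: Repository, repo_policy: Policy, component: Component):
    """Claim 1: one requested component, newness judged against the repository itself."""
    return admit(repo, repo_policy, component, repo.stored)


def handle_build(repo: Repository, app_policy: Policy,
                 app_components: Set[Tuple[str, str]], build_components: List[Component]):
    """Claim 11: on commit or build, each component new to the application is gated by that
    application's own policy, which may be stricter than the repository policy."""
    return {(c.name, c.version): admit(repo, app_policy, c, app_components)[0]
            for c in build_components}


if __name__ == "__main__":
    repo = Repository()
    repo_policy = Policy("repository", {"known-vulnerability": Action.DOES_NOT_PASS,
                                        "unknown-license": Action.DOES_NOT_PASS})
    app_policy = Policy("app-payments", dict(repo_policy.actions,
                                             **{"copyleft-license": Action.DOES_NOT_PASS}))
    gpl = Component("copyleft-tool", "2.0.0", "GPL-3.0")        # constructed sample
    print(handle_request(repo, repo_policy, gpl))               # repository policy lets it in
    print(handle_build(repo, app_policy, set(), [gpl]))         # application policy does not
```

The same copyleft component is admitted to the repository by the repository policy and quarantined at build time by the stricter application policy, which is the distinction claim 11 draws; a second request or build for an already-known component is passed through without re-evaluation, as both claims require.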