Seal-based regulation for software deployment management

US 9,383,984 B2
Filed: 01/13/2014
Issued: 07/05/2016
Est. Priority Date: 01/13/2014
Status: Active Grant

First Claim

Patent Images

1. A method of managing a deployment of a software package, the method comprising the steps of:

during a build phase of the software package in a software development lifecycle, a computer generating a plurality of quality assurance (QA) seals indicating respective environments which are distributed target computing environments, the plurality of QA seals specifying that a software package, within which the QA seals are embedded prior to a deployment of the software package to the respective environments, has a compatibility with and a permission to be deployed to the respective environments, one QA seal included in the plurality of QA seals being a first data structure which includes (1) a first security token including an encryption mechanism that indicates whether the software package has been tampered with or otherwise changed, (2) a first profile including a name, a version, a build date, an identifier, and an author or manufacturer of a component of the software package, (3) a second profile including details about hardware, middleware, and applications required in a first environment in which the software package is permitted to be deployed, the first environment being included in the respective environments, (4) a third profile including an identifier and a name of a user who is responsible for verifying contents of the software package prior to the one QA seal being embedded in the software package, (5) a first specification of one or more phases of a software development lifecycle for which the one QA seal is generated, (6) a fourth profile specifying steps of a workflow of the software development lifecycle, a name and an identifier of a reviewer of the software package, a status of an approval of the software package, and a status of the software package at key decision checkpoints, (7) a fifth profile specifying dependencies of hardware and software required in the deployment of the software package in the first environment, and (8) first metadata including a timestamp of a completion of a generation of the one QA seal, a history of modification of the one QA seal, a status of an approval of the one QA seal, and a phase of the one QA seal, and another QA seal included in the plurality of QA seals being a second data structure which includes (1) the security token, (2) the first profile including the name, the version, the build date, the identifier, and the author or manufacturer of the component of the software package, (3) a sixth profile including details about hardware, middleware, and applications required in a second environment in which the software package is permitted to be deployed, the second environment being included in the respective environments, (4) a seventh profile including an identifier and a name of a user who is responsible for verifying contents of the software package prior to the other QA seal being embedded in the software package, (5) a second specification of one or more phases of a software development lifecycle for which the other QA seal is generated, (6) the fourth profile specifying the steps of the workflow of the software development lifecycle, the name and the identifier of the reviewer of the software package, the status of the approval of the software package, and the status of the software package at the key decision checkpoints, (7) an eighth profile specifying the dependencies of the hardware and the software required in the deployment of the software package in the second environment, and (8) second metadata including a timestamp of a completion of a generation of the other QA seal, a history of modification of the other QA seal, a status of an approval of the other QA seal, and a phase of the other QA seal;

during the build phase, the computer storing the plurality of QA seals in a first data repository;

subsequent to the build phase, subsequent to a test phase of the software package in the software development lifecycle, and prior to an initiation of the deployment of the software package to the environments in the software development lifecycle, the computer generating first and second QA seals for deploying the software package to the first and second environments, respectively, embedding the first and second QA seals into the software package, and storing in a second data repository the software package within which the first and second QA seals are embedded, the first QA seal including one profile identical to the second profile included in the one QA seal and another profile identical to the fifth profile included in the one QA seal;

in response to the initiation of the deployment of the software package to the respective environments, the computer retrieving the software package from the second data repository;

the computer retrieving the first and second QA seals embedded in the retrieved software package;

the computer performing a first lookup of the retrieved first QA seal in the plurality of QA seals stored in the first data repository and in response, determining the retrieved first QA seal matches the one QA seal included in the plurality of QA seals stored in the first data repository and determining the retrieved first QA seal does not match any other QA seal included in the plurality of QA seals;

the computer performing a second lookup of the retrieved second QA seal in the plurality of QA seals stored in the first data repository and in response, determining that the retrieved second QA seal does not match any QA seal included in the plurality of QA seals stored in the first data repository;

in response to the initiation of the deployment of the software package, the computer obtaining details of the first environment to which the software package is being deployed, the details specifying hardware and software included in the first environment;

the computer reading the details about the hardware, middleware, and applications required in the first environment included in the one profile in the retrieved first QA seal;

the computer determining the details about the hardware, middleware, and applications required in the first environment which were read in the one profile in the retrieved first QA seal match the obtained details specifying the hardware and software included in the first environment;

based on the retrieved first QA seal matching the one QA seal included in the plurality of QA seals, the retrieved first QA seal not matching any other QA seal included in the plurality of QA seals, and the details about the hardware, middleware, and applications required in the first environment which were read in the one profile in the retrieved first QA seal matching the obtained details specifying the hardware and software included in the first environment, the computer determining the retrieved first QA seal indicates the software package is compatible with the first environment;

the computer reading dependencies of hardware and software required in the deployment of the software package in the other profile in the retrieved first QA seal;

the computer determining the dependencies are satisfied based on the first environment specified by the other profile in the retrieved first QA seal;

the computer reading the first metadata in the retrieved first QA seal, and in response, determining the software package is approved for a release to the first environment specified by the one profile in the retrieved first QA seal;

based on the software package being compatible with the first environment, the dependencies being satisfied, and the software package being approved for the release to the first environment, the computer generating a notification of an authorization of the deployment of the software package to the first environment; and

based on the retrieved second QA seal not matching any QA seal included in the plurality of QA seals stored in the first data repository, the computer generating a notification indicating that the deployment of the software package to the second environment is not authorized.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided for managing a deployment of a software package. A retrieved quality assurance (QA) seal corresponding to a software package is verified. A target deployment environment (TDE) is obtained. The QA seal is read to obtain first and second profiles, and metadata, which specify a deployment environment, hardware and software dependencies required in the deployment, and an approval for a release of the software package to the specified deployment environment, respectively. Based on a determination that the TDE matches the specified deployment environment, the QA seal indicates the software package is compatible with the TDE. The dependencies are determined to be satisfied. Based on the software package being compatible with the TDE, the dependencies being satisfied, and the specified approval for the release of the software package, a notification of an authorization of the deployment of the software package to the TDE is generated.

36 Citations

View as Search Results

17 Claims

1. A method of managing a deployment of a software package, the method comprising the steps of:
- during a build phase of the software package in a software development lifecycle, a computer generating a plurality of quality assurance (QA) seals indicating respective environments which are distributed target computing environments, the plurality of QA seals specifying that a software package, within which the QA seals are embedded prior to a deployment of the software package to the respective environments, has a compatibility with and a permission to be deployed to the respective environments, one QA seal included in the plurality of QA seals being a first data structure which includes (1) a first security token including an encryption mechanism that indicates whether the software package has been tampered with or otherwise changed, (2) a first profile including a name, a version, a build date, an identifier, and an author or manufacturer of a component of the software package, (3) a second profile including details about hardware, middleware, and applications required in a first environment in which the software package is permitted to be deployed, the first environment being included in the respective environments, (4) a third profile including an identifier and a name of a user who is responsible for verifying contents of the software package prior to the one QA seal being embedded in the software package, (5) a first specification of one or more phases of a software development lifecycle for which the one QA seal is generated, (6) a fourth profile specifying steps of a workflow of the software development lifecycle, a name and an identifier of a reviewer of the software package, a status of an approval of the software package, and a status of the software package at key decision checkpoints, (7) a fifth profile specifying dependencies of hardware and software required in the deployment of the software package in the first environment, and (8) first metadata including a timestamp of a completion of a generation of the one QA seal, a history of modification of the one QA seal, a status of an approval of the one QA seal, and a phase of the one QA seal, and another QA seal included in the plurality of QA seals being a second data structure which includes (1) the security token, (2) the first profile including the name, the version, the build date, the identifier, and the author or manufacturer of the component of the software package, (3) a sixth profile including details about hardware, middleware, and applications required in a second environment in which the software package is permitted to be deployed, the second environment being included in the respective environments, (4) a seventh profile including an identifier and a name of a user who is responsible for verifying contents of the software package prior to the other QA seal being embedded in the software package, (5) a second specification of one or more phases of a software development lifecycle for which the other QA seal is generated, (6) the fourth profile specifying the steps of the workflow of the software development lifecycle, the name and the identifier of the reviewer of the software package, the status of the approval of the software package, and the status of the software package at the key decision checkpoints, (7) an eighth profile specifying the dependencies of the hardware and the software required in the deployment of the software package in the second environment, and (8) second metadata including a timestamp of a completion of a generation of the other QA seal, a history of modification of the other QA seal, a status of an approval of the other QA seal, and a phase of the other QA seal;
  
  during the build phase, the computer storing the plurality of QA seals in a first data repository;
  
  subsequent to the build phase, subsequent to a test phase of the software package in the software development lifecycle, and prior to an initiation of the deployment of the software package to the environments in the software development lifecycle, the computer generating first and second QA seals for deploying the software package to the first and second environments, respectively, embedding the first and second QA seals into the software package, and storing in a second data repository the software package within which the first and second QA seals are embedded, the first QA seal including one profile identical to the second profile included in the one QA seal and another profile identical to the fifth profile included in the one QA seal;
  
  in response to the initiation of the deployment of the software package to the respective environments, the computer retrieving the software package from the second data repository;
  
  the computer retrieving the first and second QA seals embedded in the retrieved software package;
  
  the computer performing a first lookup of the retrieved first QA seal in the plurality of QA seals stored in the first data repository and in response, determining the retrieved first QA seal matches the one QA seal included in the plurality of QA seals stored in the first data repository and determining the retrieved first QA seal does not match any other QA seal included in the plurality of QA seals;
  
  the computer performing a second lookup of the retrieved second QA seal in the plurality of QA seals stored in the first data repository and in response, determining that the retrieved second QA seal does not match any QA seal included in the plurality of QA seals stored in the first data repository;
  
  in response to the initiation of the deployment of the software package, the computer obtaining details of the first environment to which the software package is being deployed, the details specifying hardware and software included in the first environment;
  
  the computer reading the details about the hardware, middleware, and applications required in the first environment included in the one profile in the retrieved first QA seal;
  
  the computer determining the details about the hardware, middleware, and applications required in the first environment which were read in the one profile in the retrieved first QA seal match the obtained details specifying the hardware and software included in the first environment;
  
  based on the retrieved first QA seal matching the one QA seal included in the plurality of QA seals, the retrieved first QA seal not matching any other QA seal included in the plurality of QA seals, and the details about the hardware, middleware, and applications required in the first environment which were read in the one profile in the retrieved first QA seal matching the obtained details specifying the hardware and software included in the first environment, the computer determining the retrieved first QA seal indicates the software package is compatible with the first environment;
  
  the computer reading dependencies of hardware and software required in the deployment of the software package in the other profile in the retrieved first QA seal;
  
  the computer determining the dependencies are satisfied based on the first environment specified by the other profile in the retrieved first QA seal;
  
  the computer reading the first metadata in the retrieved first QA seal, and in response, determining the software package is approved for a release to the first environment specified by the one profile in the retrieved first QA seal;
  
  based on the software package being compatible with the first environment, the dependencies being satisfied, and the software package being approved for the release to the first environment, the computer generating a notification of an authorization of the deployment of the software package to the first environment; and
  
  based on the retrieved second QA seal not matching any QA seal included in the plurality of QA seals stored in the first data repository, the computer generating a notification indicating that the deployment of the software package to the second environment is not authorized.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising the step of:
    - prior to the step of retrieving the software package in response to the initiation of the deployment of the software package and subsequent to the step of generating the plurality of QA seals, the computer associating the one and the other QA seals to the software package,wherein the step of storing the software package is performed prior to the step of retrieving the software package and subsequent to the step of associating the first and second QA seals.
  - 3. The method of claim 2, wherein the step of associating the first and second QA seals to the software package includes the steps of:
    - the computer retrieving the software package from the second data repository;
      
      the computer retrieving the one QA seal and the other QA seal from the first data repository;
      
      the computer generating a first entry of the one QA seal in association with the software package and a second entry of the other QA seal in association with the software package;
      
      the computer optionally encrypting the first and second entries;
      
      the computer storing the first and second entries in the second data repository; and
      
      the computer updating the first and second metadata in the one and the other QA seals, respectively.
  - 4. The method of claim 1, further comprising the steps of:
    - subsequent to a completion of a development phase of the software development lifecycle for developing the software package and prior to the step of retrieving the software package in response to the initiation of the deployment of the software package, the computer performing a build phase of the software development lifecycle and determining the build phase is successful;
      
      prior to the step of retrieving the software package and based on the build phase being successful, the computer generating a third QA seal to verify the software package resulting from the build phase;
      
      prior to the step of retrieving the software package and in response to the step of generating the third QA seal to verify the software package resulting from the build phase, the computer associating the third QA seal to the software package resulting from the build phase;
      
      prior to the step of retrieving the software package and in response to the step of associating the third QA seal to the software package resulting from the build phase, the computer verifying the third QA seal associated to the software package resulting from the build phase;
      
      prior to the step of retrieving the software package and subsequent to the step of verifying the third QA seal associated to the software package resulting from the build phase, the computer performing a build verification testing of the software package;
      
      prior to the step of retrieving the software package and subsequent to the step of performing the build verification testing, the computer updating the third QA seal to test the software package resulting from the build verification testing;
      
      prior to the step of retrieving the software package and subsequent to the step of updating the third QA seal to test the software package resulting from the build verification testing, the computer associating the updated third QA seal to the software package resulting from the build verification testing;
      
      prior to the step of retrieving the software package, the computer verifying the updated third QA seal associated to the software package resulting from the build verification testing;
      
      prior to the step of retrieving the software package and subsequent to (1) a completion of formal testing of the software package resulting from the build verification testing, (2) a determination that the formal testing of the software package is successful, (3) a performance of a quality assurance verification and validation of the software package, (4) a verification of prior approvals for quality gates and decision checkpoints, and (5) a receipt of final approval for releasing the software package to the second data repository, the computer updating the third QA seal a second time to specify the software package as a final software package;
      
      prior to the step of retrieving the software package and subsequent to the step of updating the third QA seal the second time to specify the software package as the final software package, the computer associating the twice updated third QA seal to the final software package; and
      
      prior to the step of retrieving the software package and subsequent to the step of associating the twice updated third QA seal, the computer storing the final software package and the associated twice updated third QA seal in the second data repository.
  - 5. The method of claim 4, wherein the step of verifying the third QA seal associated to the software package resulting from the build phase includes the steps of:
    - the computer determining whether the software package is encrypted and decrypting the software package in response to a determination that the software package is encrypted;
      
      the computer determining that the software package has the third QA seal;
      
      the computer reading the third QA seal of the software package;
      
      the computer determining whether the third QA seal of the software package matches a QA seal in the first data repository;
      
      in response to a determination that the third QA seal of the software package matches the QA seal in the first data repository, the computer determining whether the third QA seal of the software package matches exactly one QA seal in the first data repository; and
      
      in response to a determination that the third QA seal of the software package matches exactly one QA seal in the first data repository, the computer determining the third QA seal of the software package is successfully verified.
  - 6. The method of claim 1, further comprising the steps of:
    - subsequent to a completion of a development phase of the software development lifecycle for developing the software package and prior to the step of retrieving the software package in response to the initiation of the deployment of the software package, the computer performing a build phase of the software development lifecycle and determining the build phase is successful;
      
      prior to the step of retrieving the software package and based on the build phase being successful, the computer generating a third QA seal to verify the software package resulting from the build phase;
      
      prior to the step of retrieving the software package and in response to the step of generating the third QA seal to verify the software package resulting from the build phase, the computer associating the third QA seal to the software package resulting from the build phase;
      
      prior to the step of retrieving the software package and in response to the step of associating the third QA seal to the software package resulting from the build phase, the computer verifying the third QA seal associated to the software package resulting from the build phase;
      
      prior to the step of retrieving the software package and subsequent to the step of verifying the third QA seal associated to the software package resulting from the build phase, the computer performing a build verification testing of the software package;
      
      prior to the step of retrieving the software package and subsequent to the step of performing the build verification testing, the computer generating a fourth QA seal to test the software package resulting from the build verification testing;
      
      prior to the step of retrieving the software package and subsequent to the step of generating the fourth QA seal to test the software package resulting from the build verification testing, the computer associating the fourth QA seal to the software package resulting from the build verification testing;
      
      prior to the step of retrieving the software package, the computer verifying the fourth QA seal associated to the software package resulting from the build verification testing;
      
      prior to the step of retrieving the software package and subsequent to (1) a completion of formal testing of the software package resulting from the build verification testing, (2) a determination that the formal testing of the software package is successful, (3) a performance of a quality assurance verification and validation of the software package, (4) a verification of prior approvals for quality gates and decision checkpoints, and (5) a receipt of final approval for releasing the software package to the second data repository, the computer generating a fifth QA seal to specify the software package as a final software package;
      
      prior to the step of retrieving the software package and subsequent to the step of generating the fifth QA seal to specify the software package as the final software package, the computer associating the fifth QA seal to the final software package; and
      
      prior to the step of retrieving the software package and subsequent to the step of associating the fifth QA seal, the computer storing the final software package and the associated fifth QA seal in the second data repository.
  - 7. The method of claim 1, further comprising the step of:
    - providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer-readable program code in the computer, the program code being executed by a processor to implement the steps of generating the plurality of QA seals, storing the plurality of QA seals, generating first and second QA seals, embedding the first and second QA seals into the software package, storing the software package, retrieving the software package, retrieving the first and second QA seals, performing a first lookup of the retrieved first QA seal, determining the retrieved first QA seal matches the one QA seal, determining the retrieved first QA seal does not match any other QA seal, performing a second lookup of the retrieved second QA seal, determining that the retrieved second QA seal does not match any QA seal, obtaining the details of the first environment, reading the details about the hardware, middleware, and applications required in the first environment match the obtained details, determining the target deployment environment matches the environment specified by the first profile, determining the retrieved first QA seal indicates the software package is compatible with the first environment, reading the dependencies of hardware and software required in the deployment of the software package, determining the dependencies are satisfied, reading the first metadata, determining the software package is approved for the release to the first environment, generating the notification of the authorization of the deployment of the software package to the first environment, and generating the notification indicating that the deployment of the software package to the second environment is not authorized.

8. A computer system comprising:
- a central processing unit (CPU);
  
  a memory coupled to the CPU; and
  
  a computer-readable, tangible storage device coupled to the CPU, the storage device containing instructions that are executed by the CPU via the memory to implement a method of managing a deployment of a software package, the method comprising the steps of;
  
  during a build phase of the software package in a software development lifecycle, the computer system generating a plurality of quality assurance (QA) seals indicating respective environments which are distributed target computing environments, the plurality of QA seals specifying that a software package, within which the QA seals are embedded prior to a deployment of the software package to the respective environments, has a compatibility with and a permission to be deployed to the respective environments, one QA seal included in the plurality of QA seals being a first data structure which includes (1) a first security token including an encryption mechanism that indicates whether the software package has been tampered with or otherwise changed, (2) a first profile including a name, a version, a build date, an identifier, and an author or manufacturer of a component of the software package, (3) a second profile including details about hardware, middleware, and applications required in a first environment in which the software package is permitted to be deployed, the first environment being included in the respective environments, (4) a third profile including an identifier and a name of a user who is responsible for verifying contents of the software package prior to the one QA seal being embedded in the software package, (5) a first specification of one or more phases of a software development lifecycle for which the one QA seal is generated, (6) a fourth profile specifying steps of a workflow of the software development lifecycle, a name and an identifier of a reviewer of the software package, a status of an approval of the software package, and a status of the software package at key decision checkpoints, (7) a fifth profile specifying dependencies of hardware and software required in the deployment of the software package in the first environment, and (8) first metadata including a timestamp of a completion of a generation of the one QA seal, a history of modification of the one QA seal, a status of an approval of the one QA seal, and a phase of the one QA seal, and another QA seal included in the plurality of QA seals being a second data structure which includes (1) the security token, (2) the first profile including the name, the version, the build date, the identifier, and the author or manufacturer of the component of the software package, (3) a sixth profile including details about hardware, middleware, and applications required in a second environment in which the software package is permitted to be deployed, the second environment being included in the respective environments, (4) a seventh profile including an identifier and a name of a user who is responsible for verifying contents of the software package prior to the other QA seal being embedded in the software package, (5) a second specification of one or more phases of a software development lifecycle for which the other QA seal is generated, (6) the fourth profile specifying the steps of the workflow of the software development lifecycle, the name and the identifier of the reviewer of the software package, the status of the approval of the software package, and the status of the software package at the key decision checkpoints, (7) an eighth profile specifying the dependencies of the hardware and the software required in the deployment of the software package in the second environment, and (8) second metadata including a timestamp of a completion of a generation of the other QA seal, a history of modification of the other QA seal, a status of an approval of the other QA seal, and a phase of the other QA seal;
  
  during the build phase, the computer system storing the plurality of QA seals in a first data repository;
  
  subsequent to the build phase, subsequent to a test phase of the software package in the software development lifecycle, and prior to an initiation of the deployment of the software package to the environments in the software development lifecycle, the computer system generating first and second QA seals for deploying the software package to the first and second environments, respectively, embedding the first and second QA seals into the software package, and storing in a second data repository the software package within which the first and second QA seals are embedded, the first QA seal including one profile identical to the second profile included in the one QA seal and another profile identical to the fifth profile included in the one QA seal;
  
  in response to the initiation of the deployment of the software package to the respective environments, the computer system retrieving the software package from the second data repository;
  
  the computer system retrieving the first and second QA seals embedded in the retrieved software package;
  
  the computer system performing a first lookup of the retrieved first QA seal in the plurality of QA seals stored in the first data repository and in response, determining the retrieved first QA seal matches the one QA seal included in the plurality of QA seals stored in the first data repository and determining the retrieved first QA seal does not match any other QA seal included in the plurality of QA seals;
  
  the computer system performing a second lookup of the retrieved second QA seal in the plurality of QA seals stored in the first data repository and in response, determining that the retrieved second QA seal does not match any QA seal included in the plurality of QA seals stored in the first data repository;
  
  in response to the initiation of the deployment of the software package, the computer system obtaining details of the first environment to which the software package is being deployed, the details specifying hardware and software included in the first environment;
  
  the computer system reading the details about the hardware, middleware, and applications required in the first environment included in the one profile in the retrieved first QA seal;
  
  the computer system determining the details about the hardware, middleware, and applications required in the first environment which were read in the one profile in the retrieved first QA seal match the obtained details specifying the hardware and software included in the first environment;
  
  based on the retrieved first QA seal matching the one QA seal included in the plurality of QA seals, the retrieved first QA seal not matching any other QA seal included in the plurality of QA seals, and the details about the hardware, middleware, and applications required in the first environment which were read in the one profile in the retrieved first QA seal matching the obtained details specifying the hardware and software included in the first environment, the computer system determining the retrieved first QA seal indicates the software package is compatible with the first environment;
  
  the computer system reading dependencies of hardware and software required in the deployment of the software package in the other profile in the retrieved first QA seal;
  
  the computer system determining the dependencies are satisfied based on the first environment specified by the other profile in the retrieved first QA seal;
  
  the computer system reading the first metadata in the retrieved first QA seal, and in response, determining the software package is approved for a release to the first environment specified by the one profile in the retrieved first QA seal;
  
  based on the software package being compatible with the first environment, the dependencies being satisfied, and the software package being approved for the release to the first environment, the computer system generating a notification of an authorization of the deployment of the software package to the first environment; and
  
  based on the retrieved second QA seal not matching any QA seal included in the plurality of QA seals stored in the first data repository, the computer system generating a notification indicating that the deployment of the software package to the second environment is not authorized.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The computer system of claim 8, wherein the method further comprises the step of:
    - prior to the step of retrieving the software package in response to the initiation of the deployment of the software package and subsequent to the step of generating the plurality of QA seals, the computer system associating the one and the other QA seals to the software package,wherein the step of storing the software package is performed prior to the step of retrieving the software package and subsequent to the step of associating the first and second QA seals.
  - 10. The computer system of claim 9, wherein the step of associating the first and second QA seals to the software package includes the steps of:
    - the computer system retrieving the software package from the second data repository;
      
      the computer system retrieving the one QA seal and the other QA seal from the first data repository;
      
      the computer system generating a first entry of the one QA seal in association with the software package and a second entry of the other QA seal in association with the software package;
      
      the computer system optionally encrypting the first and second entries;
      
      the computer system storing the first and second entries in the second data repository; and
      
      the computer system updating the first and second metadata in the one or and the other QA seals, respectively.
  - 11. The computer system of claim 8, wherein the method further comprises the steps of:
    - subsequent to a completion of a development phase of the software development lifecycle for developing the software package and prior to the step of retrieving the software package in response to the initiation of the deployment of the software package, the computer system performing a build phase of the software development lifecycle and determining the build phase is successful;
      
      prior to the step of retrieving the software package and based on the build phase being successful, the computer system generating a third QA seal to verify the software package resulting from the build phase;
      
      prior to the step of retrieving the software package and in response to the step of generating the third QA seal to verify the software package resulting from the build phase, the computer system associating the third QA seal to the software package resulting from the build phase;
      
      prior to the step of retrieving the software package and in response to the step of associating the third QA seal to the software package resulting from the build phase, the computer system verifying the third QA seal associated to the software package resulting from the build phase;
      
      prior to the step of retrieving the software package and subsequent to the step of verifying the third QA seal associated to the software package resulting from the build phase, the computer system performing a build verification testing of the software package;
      
      prior to the step of retrieving the software package and subsequent to the step of performing the build verification testing, the computer system updating the third QA seal to test the software package resulting from the build verification testing;
      
      prior to the step of retrieving the software package and subsequent to the step of updating the third QA seal to test the software package resulting from the build verification testing, the computer system associating the updated third QA seal to the software package resulting from the build verification testing;
      
      prior to the step of retrieving the software package, the computer system verifying the updated third QA seal associated to the software package resulting from the build verification testing;
      
      prior to the step of retrieving the software package and subsequent to (1) a completion of formal testing of the software package resulting from the build verification testing, (2) a determination that the formal testing of the software package is successful, (3) a performance of a quality assurance verification and validation of the software package, (4) a verification of prior approvals for quality gates and decision checkpoints, and (5) a receipt of final approval for releasing the software package to the second data repository, the computer system updating the third QA seal a second time to specify the software package as a final software package;
      
      prior to the step of retrieving the software package and subsequent to the step of updating the third QA seal the second time to specify the software package as the final software package, the computer system associating the twice updated third QA seal to the final software package; and
      
      prior to the step of retrieving the software package and subsequent to the step of associating the twice updated third QA seal, the computer system storing the final software package and the associated twice updated third QA seal in the second data repository.
  - 12. The computer system of claim 11, wherein the step of verifying the third QA seal associated to the software package resulting from the build phase includes the steps of:
    - the computer system determining whether the software package is encrypted and decrypting the software package in response to a determination that the software package is encrypted;
      
      the computer system determining that the software package has the third QA seal;
      
      the computer system reading the third QA seal of the software package;
      
      the computer system determining whether the third QA seal of the software package matches a QA seal in the first data repository;
      
      in response to a determination that the third QA seal of the software package matches the QA seal in the first data repository, the computer system determining whether the third QA seal of the software package matches exactly one QA seal in the first data repository; and
      
      in response to a determination that the third QA seal of the software package matches exactly one QA seal in the first data repository, the computer system determining the third QA seal of the software package is successfully verified.

13. A computer program product, comprising:
- a computer-readable, tangible storage device; and
  
  a computer-readable program code stored in the computer-readable, tangible storage device, the computer-readable, tangible storage device not being a signal or a signal propagation medium and the computer-readable program code containing instructions that are executed by a central processing unit (CPU) of a computer system to implement a method of managing a deployment of a software package, the method comprising the steps of;
  
  during a build phase of the software package in a software development lifecycle, the computer system generating a plurality of quality assurance (QA) seals indicating respective environments which are distributed target computing environments, the plurality of QA seals specifying that a software package, within which the QA seals are embedded prior to a deployment of the software package to the respective environments, has a compatibility with and a permission to be deployed to the respective environments, one QA seal included in the plurality of QA seals being a first data structure which includes (1) a first security token including an encryption mechanism that indicates whether the software package has been tampered with or otherwise changed, (2) a first profile including a name, a version, a build date, an identifier, and an author or manufacturer of a component of the software package, (3) a second profile including details about hardware, middleware, and applications required in a first environment in which the software package is permitted to be deployed, the first environment being included in the respective environments, (4) a third profile including an identifier and a name of a user who is responsible for verifying contents of the software package prior to the one QA seal being embedded in the software package, (5) a first specification of one or more phases of a software development lifecycle for which the one QA seal is generated, (6) a fourth profile specifying steps of a workflow of the software development lifecycle, a name and an identifier of a reviewer of the software package, a status of an approval of the software package, and a status of the software package at key decision checkpoints, (7) a fifth profile specifying dependencies of hardware and software required in the deployment of the software package in the first environment, and (8) first metadata including a timestamp of a completion of a generation of the one QA seal, a history of modification of the one QA seal, a status of an approval of the one QA seal, and a phase of the one QA seal, and another QA seal included in the plurality of QA seals being a second data structure which includes (1) the security token, (2) the first profile including the name, the version, the build date, the identifier, and the author or manufacturer of the component of the software package, (3) a sixth profile including details about hardware, middleware, and applications required in a second environment in which the software package is permitted to be deployed, the second environment being included in the respective environments, (4) a seventh profile including an identifier and a name of a user who is responsible for verifying contents of the software package prior to the other QA seal being embedded in the software package, (5) a second specification of one or more phases of a software development lifecycle for which the other QA seal is generated, (6) the fourth profile specifying the steps of the workflow of the software development lifecycle, the name and the identifier of the reviewer of the software package, the status of the approval of the software package, and the status of the software package at the key decision checkpoints, (7) an eighth profile specifying the dependencies of the hardware and the software required in the deployment of the software package in the second environment, and (8) second metadata including a timestamp of a completion of a generation of the other QA seal, a history of modification of the other QA seal, a status of an approval of the other QA seal, and a phase of the other QA seal;
  
  during the build phase, the computer system storing the plurality of QA seals in a first data repository;
  
  subsequent to the build phase, subsequent to a test phase of the software package in the software development lifecycle, and prior to an initiation of the deployment of the software package to the environments in the software development lifecycle, the computer system generating first and second QA seals for deploying the software package to the first and second environments, respectively, embedding the first and second QA seals into the software package, and storing in a second data repository the software package within which the first and second QA seals are embedded, the first QA seal including one profile identical to the second profile included in the one QA seal and another profile identical to the fifth profile included in the one QA seal;
  
  in response to the initiation of the deployment of the software package to the respective environments, the computer system retrieving the software package from the second data repository;
  
  the computer system retrieving the first and second QA seals embedded in the retrieved software package;
  
  the computer system performing a first lookup of the retrieved first QA seal in the plurality of QA seals stored in the first data repository and in response, determining the retrieved first QA seal matches the one QA seal included in the plurality of QA seals stored in the first data repository and determining the retrieved first QA seal does not match any other QA seal included in the plurality of QA seals;
  
  the computer system performing a second lookup of the retrieved second QA seal in the plurality of QA seals stored in the first data repository and in response, determining that the retrieved second QA seal does not match any QA seal included in the plurality of QA seals stored in the first data repository;
  
  in response to the initiation of the deployment of the software package, the computer system obtaining details of the first environment to which the software package is being deployed, the details specifying hardware and software included in the first environment;
  
  the computer system reading the details about the hardware, middleware, and applications required in the first environment included in the one profile in the retrieved first QA seal;
  
  the computer system determining the details about the hardware, middleware, and applications required in the first environment which were read in the one profile in the retrieved first QA seal match the obtained details specifying the hardware and software included in the first environment;
  
  based on the retrieved first QA seal matching the one QA seal included in the plurality of QA seals, the retrieved first QA seal not matching any other QA seal included in the plurality of QA seals, and the details about the hardware, middleware, and applications required in the first environment which were read in the one profile in the retrieved first QA seal matching the obtained details specifying the hardware and software included in the first environment, the computer system determining the retrieved first QA seal indicates the software package is compatible with the first environment;
  
  the computer system reading dependencies of hardware and software required in the deployment of the software package in the other profile in the retrieved first QA seal;
  
  the computer system determining the dependencies are satisfied based on the first environment specified by the other profile in the retrieved first QA seal;
  
  the computer system reading the first metadata in the retrieved first QA seal, and in response, determining the software package is approved for a release to the first environment specified by the one profile in the retrieved first QA seal;
  
  based on the software package being compatible with the first environment, the dependencies being satisfied, and the software package being approved for the release to the first environment, the computer system generating a notification of an authorization of the deployment of the software package to the first environment; and
  
  based on the retrieved second QA seal not matching any QA seal included in the plurality of QA seals stored in the first data repository, the computer system generating a notification indicating that the deployment of the software package to the second environment is not authorized.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer program product of claim 13, wherein the method further comprises the step of:
    - prior to the step of retrieving the software package in response to the initiation of the deployment of the software package and subsequent to the step of generating the plurality of QA seals, the computer system associating the one and the other QA seals to the software package,wherein the step of storing the software package is performed prior to the step of retrieving the software package and subsequent to the step of associating the first and second QA seals.
  - 15. The computer program product of claim 14, wherein the step of associating the first and second QA seals to the software package includes the steps of:
    - the computer system retrieving the software package from the second data repository;
      
      the computer system retrieving the one QA seal and the other QA seal from the first data repository;
      
      the computer system generating a first entry of the one QA seal in association with the software package and a second entry of the other QA seal in association with the software package;
      
      the computer system optionally encrypting the first and second entries;
      
      the computer system storing the first and second entries in the second data repository; and
      
      the computer system updating the first and second metadata in the one and the other QA seals, respectively.
  - 16. The computer program product of claim 13, wherein the method further comprises the steps of:
    - subsequent to a completion of a development phase of the software development lifecycle for developing the software package and prior to the step of retrieving the software package in response to the initiation of the deployment of the software package, the computer system performing a build phase of the software development lifecycle and determining the build phase is successful;
      
      prior to the step of retrieving the software package and based on the build phase being successful, the computer system generating a third QA seal to verify the software package resulting from the build phase;
      
      prior to the step of retrieving the software package and in response to the step of generating the third QA seal to verify the software package resulting from the build phase, the computer system associating the third QA seal to the software package resulting from the build phase;
      
      prior to the step of retrieving the software package and in response to the step of associating the third QA seal to the software package resulting from the build phase, the computer system verifying the third QA seal associated to the software package resulting from the build phase;
      
      prior to the step of retrieving the software package and subsequent to the step of verifying the third QA seal associated to the software package resulting from the build phase, the computer system performing a build verification testing of the software package;
      
      prior to the step of retrieving the software package and subsequent to the step of performing the build verification testing, the computer system updating the third QA seal to test the software package resulting from the build verification testing;
      
      prior to the step of retrieving the software package and subsequent to the step of updating the third QA seal to test the software package resulting from the build verification testing, the computer system associating the updated third QA seal to the software package resulting from the build verification testing;
      
      prior to the step of retrieving the software package, the computer system verifying the updated third QA seal associated to the software package resulting from the build verification testing;
      
      prior to the step of retrieving the software package and subsequent to (1) a completion of formal testing of the software package resulting from the build verification testing, (2) a determination that the formal testing of the software package is successful, (3) a performance of a quality assurance verification and validation of the software package, (4) a verification of prior approvals for quality gates and decision checkpoints, and (5) a receipt of final approval for releasing the software package to the second data repository, the computer system updating the third QA seal a second time to specify the software package as a final software package;
      
      prior to the step of retrieving the software package and subsequent to the step of updating the third QA seal the second time to specify the software package as the final software package, the computer system associating the twice updated third QA seal to the final software package; and
      
      prior to the step of retrieving the software package and subsequent to the step of associating the twice updated third QA seal, the computer system storing the final software package and the associated twice updated third QA seal in the second data repository.
  - 17. The computer program product of claim 16, wherein the step of verifying the third QA seal associated to the software package resulting from the build phase includes the steps of:
    - the computer system determining whether the software package is encrypted and decrypting the software package in response to a determination that the software package is encrypted;
      
      the computer system determining that the software package has the third QA seal;
      
      the computer system reading the third QA seal of the software package;
      
      the computer system determining whether the third QA seal of the software package matches a QA seal in the first data repository;
      
      in response to a determination that the third QA seal of the software package matches the QA seal in the first data repository, the computer system determining whether the third QA seal of the software package matches exactly one QA seal in the first data repository; and
      
      in response to a determination that the third QA seal of the software package matches exactly one QA seal in the first data repository, the computer system determining the third QA seal of the software package is successfully verified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Mantripragada, Nagesh K., Mungi, Ashish, Sodhi, Manjit S., Viswanathan, Ram
Primary Examiner(s)
Tecklu, Isaac T

Application Number

US14/153,215
Publication Number

US 20150199188A1
Time in Patent Office

904 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 11/3616   using software metrics

G06F 21/121   Restricting unauthorised ex...

G06F 8/60   Software deployment

G06F 8/61   Installation

G06F 8/71   Version control security ar...

Seal-based regulation for software deployment management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Seal-based regulation for software deployment management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links