Seal-based regulation for software deployment management

US 9,940,114 B2
Filed: 05/31/2016
Issued: 04/10/2018
Est. Priority Date: 01/13/2014
Status: Active Grant

First Claim

Patent Images

1. A method of managing a deployment of a software package, the method comprising the steps of:

a computer retrieving first and second QA seals which are embedded in a software package prior to a deployment of the software package to first and second environments;

the computer performing a first lookup of the retrieved first QA seal in a plurality of QA seals stored in a first data repository and in response, determining that the retrieved first QA seal matches one QA seal included in the plurality of QA seals stored in the first data repository and determining the retrieved first QA seal does not match any other QA seal included in the plurality of QA seals;

the computer performing a second lookup of the retrieved second QA seal in the plurality of QA seals stored in the first data repository and in response, determining that the retrieved second QA seal does not match any QA seal included in the plurality of QA seals stored in the first data repository;

the computer determining that details about hardware, middleware, and applications required in the first environment which are included in one profile in the retrieved first QA seal match details of the first environment to which the software package is being deployed, the details of the first environment specifying hardware and software included in the first environment;

based on the retrieved first QA seal matching the one QA seal included in the plurality of QA seals, the retrieved first QA seal not matching any other QA seal included in the plurality of QA seals, and the details about the hardware, middleware, and applications required in the first environment which are included in the one profile in the retrieved first QA seal matching the details of the first environment specifying the hardware and software included in the first environment, the computer determining the retrieved first QA seal indicates the software package is compatible with the first environment;

based on the software package being compatible with the first environment, the computer generating a notification of an authorization of the deployment of the software package to the first environment; and

based on the retrieved second QA seal not matching any QA seal included in the plurality of QA seals stored in the first data repository, the computer generating a notification indicating that the deployment of the software package to the second environment is not authorized.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided for managing a deployment of a software package. First and second quality assurance (QA) seals are determined to match exactly one QA seal and no QA seal, respectively, in a plurality of QA seals. First details about hardware, middleware, and applications required in a first environment, which are included in the first QA seal, are determined to match second details of the first environment. Based on the first QA seal matching exactly one QA seal and the first details matching the second details, the software package is determined to be compatible with the first environment and a notification is generated authorizing the deployment of the software package to the first environment. Based on the second QA seal not matching any of the plurality of QA seals, a notification is generated indicating that the deployment of the software package to a second environment is not authorized.

27 Citations

View as Search Results

20 Claims

1. A method of managing a deployment of a software package, the method comprising the steps of:
- a computer retrieving first and second QA seals which are embedded in a software package prior to a deployment of the software package to first and second environments;
  
  the computer performing a first lookup of the retrieved first QA seal in a plurality of QA seals stored in a first data repository and in response, determining that the retrieved first QA seal matches one QA seal included in the plurality of QA seals stored in the first data repository and determining the retrieved first QA seal does not match any other QA seal included in the plurality of QA seals;
  
  the computer performing a second lookup of the retrieved second QA seal in the plurality of QA seals stored in the first data repository and in response, determining that the retrieved second QA seal does not match any QA seal included in the plurality of QA seals stored in the first data repository;
  
  the computer determining that details about hardware, middleware, and applications required in the first environment which are included in one profile in the retrieved first QA seal match details of the first environment to which the software package is being deployed, the details of the first environment specifying hardware and software included in the first environment;
  
  based on the retrieved first QA seal matching the one QA seal included in the plurality of QA seals, the retrieved first QA seal not matching any other QA seal included in the plurality of QA seals, and the details about the hardware, middleware, and applications required in the first environment which are included in the one profile in the retrieved first QA seal matching the details of the first environment specifying the hardware and software included in the first environment, the computer determining the retrieved first QA seal indicates the software package is compatible with the first environment;
  
  based on the software package being compatible with the first environment, the computer generating a notification of an authorization of the deployment of the software package to the first environment; and
  
  based on the retrieved second QA seal not matching any QA seal included in the plurality of QA seals stored in the first data repository, the computer generating a notification indicating that the deployment of the software package to the second environment is not authorized.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising the steps of:
    - the computer determining that dependencies of hardware and software required in the deployment of the software package in the first environment are satisfied based on the first environment specified in the retrieved first QA seal; and
      
      determining the software package is approved for a release to the first environment based on metadata included in the retrieved first QA seal,wherein the step of generating the notification of the authorization of the deployment of the software package to the first environment is further based on the dependencies being satisfied and the software package being approved for the release to the first environment.
  - 3. The method of claim 1, further comprising the step of:
    - prior to the step of retrieving the first and second QA seals and subsequent to a generation of the plurality of QA seals, the computer associating the one QA seal and another QA seal included in the plurality of QA seals to the software package,wherein the one QA seal is a first data structure which includes (1) a first security token including an encryption mechanism that indicates whether the software package has been tampered with or otherwise changed, (2) a first profile including a name, a version, a build date, an identifier, and an author or manufacturer of a component of the software package, (3) a second profile including the details about the hardware, the middleware, and the applications required in the first environment in which the software package is permitted to be deployed, (4) a third profile including an identifier and a name of a user who is responsible for verifying contents of the software package prior to the one QA seal being embedded in the software package, (5) a first specification of one or more phases of a software development lifecycle for which the one QA seal is generated, (6) a fourth profile specifying steps of a workflow of the software development lifecycle, a name and an identifier of a reviewer of the software package, a status of an approval of the software package, and a status of the software package at key decision checkpoints, (7) a fifth profile specifying dependencies of hardware and software required in the deployment of the software package in the first environment, and (8) first metadata including a timestamp of a completion of a generation of the one QA seal, a history of modification of the one QA seal, a status of an approval of the one QA seal, and a phase of the one QA seal, andwherein the other QA seal is a second data structure which includes (1) the security token, (2) the first profile including the name, the version, the build date, the identifier, and the author or manufacturer of the component of the software package, (3) a sixth profile including details about hardware, middleware, and applications required in a second environment in which the software package is permitted to be deployed, (4) a seventh profile including an identifier and a name of a user who is responsible for verifying contents of the software package prior to the other QA seal being embedded in the software package, (5) a second specification of one or more phases of a software development lifecycle for which the other QA seal is generated, (6) the fourth profile specifying the steps of the workflow of the software development lifecycle, the name and the identifier of the reviewer of the software package, the status of the approval of the software package, and the status of the software package at the key decision checkpoints, (7) an eighth profile specifying the dependencies of the hardware and the software required in the deployment of the software package in the second environment, and (8) second metadata including a timestamp of a completion of a generation of the other QA seal, a history of modification of the other QA seal, a status of an approval of the other QA seal, and a phase of the other QA seal.
  - 4. The method of claim 3, wherein the step of associating the first and second QA seals to the software package includes the steps of:
    - the computer retrieving the software package from a second data repository;
      
      the computer retrieving the one QA seal and the other QA seal from the first data repository;
      
      the computer generating and storing a first entry of the one QA seal in association with the software package and a second entry of the other QA seal in association with the software package; and
      
      the computer updating the first and second metadata in the one and the other QA seals, respectively, to indicate that the one and the other QA seals are associated with the software package.
  - 5. The method of claim 1, further comprising the steps of:
    - subsequent to a completion of a development phase of a software development lifecycle for developing the software package and prior to the step of retrieving the first and second QA seals, the computer performing a build phase of the software development lifecycle and determining the build phase is successful;
      
      prior to the step of retrieving the first and second QA seals and based on the build phase being successful, the computer generating a third QA seal to verify the software package resulting from the build phase;
      
      prior to the step of retrieving the first and second QA seals and in response to the step of generating the third QA seal to verify the software package resulting from the build phase, the computer associating the third QA seal to the software package resulting from the build phase;
      
      prior to the step of retrieving the first and second QA seals and in response to the step of associating the third QA seal to the software package resulting from the build phase, the computer verifying the third QA seal associated to the software package resulting from the build phase;
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of verifying the third QA seal associated to the software package resulting from the build phase, the computer performing a build verification testing of the software package;
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of performing the build verification testing, the computer updating the third QA seal to test the software package resulting from the build verification testing;
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of updating the third QA seal to test the software package resulting from the build verification testing, the computer associating the updated third QA seal to the software package resulting from the build verification testing;
      
      prior to the step of retrieving the first and second QA seals, the computer verifying the updated third QA seal associated to the software package resulting from the build verification testing;
      
      prior to the step of retrieving the first and second QA seals and subsequent to (1) a completion of formal testing of the software package resulting from the build verification testing, (2) a determination that the formal testing of the software package is successful, (3) a performance of a quality assurance verification and validation of the software package, (4) a verification of prior approvals for quality gates and decision checkpoints, and (5) a receipt of final approval for releasing the software package to a second data repository, the computer updating the third QA seal a second time to specify the software package as a final software package;
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of updating the third QA seal the second time to specify the software package as the final software package, the computer associating the twice updated third QA seal to the final software package; and
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of associating the twice updated third QA seal, the computer storing the final software package and the associated twice updated third QA seal in the second data repository.
  - 6. The method of claim 5, wherein the step of verifying the third QA seal associated to the software package resulting from the build phase includes the steps of:
    - the computer determining whether the software package is encrypted and decrypting the software package in response to a determination that the software package is encrypted;
      
      the computer determining that the software package has the third QA seal;
      
      the computer reading the third QA seal of the software package;
      
      the computer determining whether the third QA seal of the software package matches a QA seal in the first data repository;
      
      in response to a determination that the third QA seal of the software package matches the QA seal in the first data repository, the computer determining whether the third QA seal of the software package matches exactly one QA seal in the first data repository; and
      
      in response to a determination that the third QA seal of the software package matches exactly one QA seal in the first data repository, the computer determining the third QA seal of the software package is successfully verified.
  - 7. The method of claim 1, further comprising the steps of:
    - subsequent to a completion of a development phase of a software development lifecycle for developing the software package and prior to the step of retrieving the software package in response to an initiation of the deployment of the software package, the computer performing a build phase of the software development lifecycle and determining the build phase is successful;
      
      prior to the step of retrieving the first and second QA seals and based on the build phase being successful, the computer generating a third QA seal to verify the software package resulting from the build phase;
      
      prior to the step of retrieving the first and second QA seals and in response to the step of generating the third QA seal to verify the software package resulting from the build phase, the computer associating the third QA seal to the software package resulting from the build phase;
      
      prior to the step of retrieving the first and second QA seals and in response to the step of associating the third QA seal to the software package resulting from the build phase, the computer verifying the third QA seal associated to the software package resulting from the build phase;
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of verifying the third QA seal associated to the software package resulting from the build phase, the computer performing a build verification testing of the software package;
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of performing the build verification testing, the computer generating a fourth QA seal to test the software package resulting from the build verification testing;
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of generating the fourth QA seal to test the software package resulting from the build verification testing, the computer associating the fourth QA seal to the software package resulting from the build verification testing;
      
      prior to the step of retrieving the first and second QA seals, the computer verifying the fourth QA seal associated to the software package resulting from the build verification testing;
      
      prior to the step of retrieving the first and second QA seals and subsequent to (1) a completion of formal testing of the software package resulting from the build verification testing, (2) a determination that the formal testing of the software package is successful, (3) a performance of a quality assurance verification and validation of the software package, (4) a verification of prior approvals for quality gates and decision checkpoints, and (5) a receipt of final approval for releasing the software package to the second data repository, the computer generating a fifth QA seal to specify the software package as a final software package;
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of generating the fifth QA seal to specify the software package as the final software package, the computer associating the fifth QA seal to the final software package; and
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of associating the fifth QA seal, the computer storing the final software package and the associated fifth QA seal in the second data repository.
  - 8. The method of claim 1, further comprising the step of:
    - providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer-readable program code in the computer, the program code being executed by a processor to implement the steps of retrieving the first and second QA seals, performing the first lookup of the retrieved first QA seal, determining that the retrieved first QA seal matches the one QA seal, determining the retrieved first QA seal does not match any other QA seal, performing the second lookup of the retrieved second QA seal, determining that the retrieved second QA seal does not match any QA seal, determining that the details about the hardware, middleware, and applications required in the first environment match the details of the first environment, determining the retrieved first QA seal indicates the software package is compatible with the first environment, generating the notification of the authorization of the deployment of the software package to the first environment, and generating the notification indicating that the deployment of the software package to the second environment is not authorized.

9. A computer system comprising:
- a central processing unit (CPU);
  
  a memory coupled to the CPU; and
  
  a computer-readable storage medium coupled to the CPU, the storage medium containing instructions that are executed by the CPU via the memory to implement a method of managing a deployment of a software package, the method comprising the steps of;
  
  the computer system retrieving first and second QA seals which are embedded in a software package prior to a deployment of the software package to first and second environments;
  
  the computer system performing a first lookup of the retrieved first QA seal in a plurality of QA seals stored in a first data repository and in response, determining that the retrieved first QA seal matches one QA seal included in the plurality of QA seals stored in the first data repository and determining the retrieved first QA seal does not match any other QA seal included in the plurality of QA seals;
  
  the computer system performing a second lookup of the retrieved second QA seal in the plurality of QA seals stored in the first data repository and in response, determining that the retrieved second QA seal does not match any QA seal included in the plurality of QA seals stored in the first data repository;
  
  the computer system determining that details about hardware, middleware, and applications required in the first environment which are included in one profile in the retrieved first QA seal match details of the first environment to which the software package is being deployed, the details of the first environment specifying hardware and software included in the first environment;
  
  based on the retrieved first QA seal matching the one QA seal included in the plurality of QA seals, the retrieved first QA seal not matching any other QA seal included in the plurality of QA seals, and the details about the hardware, middleware, and applications required in the first environment which are included in the one profile in the retrieved first QA seal matching the details of the first environment specifying the hardware and software included in the first environment, the computer system determining the retrieved first QA seal indicates the software package is compatible with the first environment;
  
  based on the software package being compatible with the first environment, the computer system generating a notification of an authorization of the deployment of the software package to the first environment; and
  
  based on the retrieved second QA seal not matching any QA seal included in the plurality of QA seals stored in the first data repository, the computer system generating a notification indicating that the deployment of the software package to the second environment is not authorized.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The computer system of claim 9, wherein the method further comprises the steps of:
    - the computer system determining that dependencies of hardware and software required in the deployment of the software package in the first environment are satisfied based on the first environment specified in the retrieved first QA seal; and
      
      determining the software package is approved for a release to the first environment based on metadata included in the retrieved first QA seal,wherein the step of generating the notification of the authorization of the deployment of the software package to the first environment is further based on the dependencies being satisfied and the software package being approved for the release to the first environment.
  - 11. The computer system of claim 9, wherein the method further comprises the step of:
    - prior to the step of retrieving the first and second QA seals and subsequent to a generation of the plurality of QA seals, the computer system associating the one QA seal and another QA seal included in the plurality of QA seals to the software package,wherein the one QA seal is a first data structure which includes (1) a first security token including an encryption mechanism that indicates whether the software package has been tampered with or otherwise changed, (2) a first profile including a name, a version, a build date, an identifier, and an author or manufacturer of a component of the software package, (3) a second profile including the details about the hardware, the middleware, and the applications required in the first environment in which the software package is permitted to be deployed, (4) a third profile including an identifier and a name of a user who is responsible for verifying contents of the software package prior to the one QA seal being embedded in the software package, (5) a first specification of one or more phases of a software development lifecycle for which the one QA seal is generated, (6) a fourth profile specifying steps of a workflow of the software development lifecycle, a name and an identifier of a reviewer of the software package, a status of an approval of the software package, and a status of the software package at key decision checkpoints, (7) a fifth profile specifying dependencies of hardware and software required in the deployment of the software package in the first environment, and (8) first metadata including a timestamp of a completion of a generation of the one QA seal, a history of modification of the one QA seal, a status of an approval of the one QA seal, and a phase of the one QA seal, andwherein the other QA seal is a second data structure which includes (1) the security token, (2) the first profile including the name, the version, the build date, the identifier, and the author or manufacturer of the component of the software package, (3) a sixth profile including details about hardware, middleware, and applications required in a second environment in which the software package is permitted to be deployed, (4) a seventh profile including an identifier and a name of a user who is responsible for verifying contents of the software package prior to the other QA seal being embedded in the software package, (5) a second specification of one or more phases of a software development lifecycle for which the other QA seal is generated, (6) the fourth profile specifying the steps of the workflow of the software development lifecycle, the name and the identifier of the reviewer of the software package, the status of the approval of the software package, and the status of the software package at the key decision checkpoints, (7) an eighth profile specifying the dependencies of the hardware and the software required in the deployment of the software package in the second environment, and (8) second metadata including a timestamp of a completion of a generation of the other QA seal, a history of modification of the other QA seal, a status of an approval of the other QA seal, and a phase of the other QA seal.
  - 12. The computer system of claim 11, wherein the step of associating the first and second QA seals to the software package includes the steps of:
    - the computer system retrieving the software package from a second data repository;
      
      the computer system retrieving the one QA seal and the other QA seal from the first data repository;
      
      the computer system generating and storing a first entry of the one QA seal in association with the software package and a second entry of the other QA seal in association with the software package; and
      
      the computer system updating the first and second metadata in the one and the other QA seals, respectively, to indicate that the one and the other QA seals are associated with the software package.
  - 13. The computer system of claim 9, wherein the method further comprises the steps of:
    - subsequent to a completion of a development phase of a software development lifecycle for developing the software package and prior to the step of retrieving the first and second QA seals, the computer system performing a build phase of the software development lifecycle and determining the build phase is successful;
      
      prior to the step of retrieving the first and second QA seals and based on the build phase being successful, the computer system generating a third QA seal to verify the software package resulting from the build phase;
      
      prior to the step of retrieving the first and second QA seals and in response to the step of generating the third QA seal to verify the software package resulting from the build phase, the computer system associating the third QA seal to the software package resulting from the build phase;
      
      prior to the step of retrieving the first and second QA seals and in response to the step of associating the third QA seal to the software package resulting from the build phase, the computer system verifying the third QA seal associated to the software package resulting from the build phase;
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of verifying the third QA seal associated to the software package resulting from the build phase, the computer system performing a build verification testing of the software package;
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of performing the build verification testing, the computer system updating the third QA seal to test the software package resulting from the build verification testing;
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of updating the third QA seal to test the software package resulting from the build verification testing, the computer system associating the updated third QA seal to the software package resulting from the build verification testing;
      
      prior to the step of retrieving the first and second QA seals, the computer system verifying the updated third QA seal associated to the software package resulting from the build verification testing;
      
      prior to the step of retrieving the first and second QA seals and subsequent to (1) a completion of formal testing of the software package resulting from the build verification testing, (2) a determination that the formal testing of the software package is successful, (3) a performance of a quality assurance verification and validation of the software package, (4) a verification of prior approvals for quality gates and decision checkpoints, and (5) a receipt of final approval for releasing the software package to a second data repository, the computer system updating the third QA seal a second time to specify the software package as a final software package;
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of updating the third QA seal the second time to specify the software package as the final software package, the computer system associating the twice updated third QA seal to the final software package; and
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of associating the twice updated third QA seal, the computer system storing the final software package and the associated twice updated third QA seal in the second data repository.
  - 14. The computer system of claim 13, wherein the step of verifying the third QA seal associated to the software package resulting from the build phase includes the steps of:
    - the computer system determining whether the software package is encrypted and decrypting the software package in response to a determination that the software package is encrypted;
      
      the computer system determining that the software package has the third QA seal;
      
      the computer system reading the third QA seal of the software package;
      
      the computer system determining whether the third QA seal of the software package matches a QA seal in the first data repository;
      
      in response to a determination that the third QA seal of the software package matches the QA seal in the first data repository, the computer system determining whether the third QA seal of the software package matches exactly one QA seal in the first data repository; and
      
      in response to a determination that the third QA seal of the software package matches exactly one QA seal in the first data repository, the computer system determining the third QA seal of the software package is successfully verified.

15. A computer program product, comprising:
- a computer-readable storage medium which is not a signal or a signal propagation medium; and
  
  a computer-readable program code stored in the computer-readable storage medium, the computer-readable program code containing instructions that are executed by a central processing unit (CPU) of a computer system to implement a method of managing a deployment of a software package, the method comprising the steps of;
  
  the computer system retrieving first and second QA seals which are embedded in a software package prior to a deployment of the software package to first and second environments;
  
  the computer system performing a first lookup of the retrieved first QA seal in a plurality of QA seals stored in a first data repository and in response, determining that the retrieved first QA seal matches one QA seal included in the plurality of QA seals stored in the first data repository and determining the retrieved first QA seal does not match any other QA seal included in the plurality of QA seals;
  
  the computer system performing a second lookup of the retrieved second QA seal in the plurality of QA seals stored in the first data repository and in response, determining that the retrieved second QA seal does not match any QA seal included in the plurality of QA seals stored in the first data repository;
  
  the computer system determining that details about hardware, middleware, and applications required in the first environment which are included in one profile in the retrieved first QA seal match details of the first environment to which the software package is being deployed, the details of the first environment specifying hardware and software included in the first environment;
  
  based on the retrieved first QA seal matching the one QA seal included in the plurality of QA seals, the retrieved first QA seal not matching any other QA seal included in the plurality of QA seals, and the details about the hardware, middleware, and applications required in the first environment which are included in the one profile in the retrieved first QA seal matching the details of the first environment specifying the hardware and software included in the first environment, the computer system determining the retrieved first QA seal indicates the software package is compatible with the first environment;
  
  based on the software package being compatible with the first environment, the computer system generating a notification of an authorization of the deployment of the software package to the first environment; and
  
  based on the retrieved second QA seal not matching any QA seal included in the plurality of QA seals stored in the first data repository, the computer system generating a notification indicating that the deployment of the software package to the second environment is not authorized.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, wherein the method further comprises the steps of:
    - the computer system determining that dependencies of hardware and software required in the deployment of the software package in the first environment are satisfied based on the first environment specified in the retrieved first QA seal; and
      
      determining the software package is approved for a release to the first environment based on metadata included in the retrieved first QA seal,wherein the step of generating the notification of the authorization of the deployment of the software package to the first environment is further based on the dependencies being satisfied and the software package being approved for the release to the first environment.
  - 17. The computer program product of claim 15, wherein the method further comprises the step of:
    - prior to the step of retrieving the first and second QA seals and subsequent to a generation of the plurality of QA seals, the computer system associating the one QA seal and another QA seal included in the plurality of QA seals to the software package,wherein the one QA seal is a first data structure which includes (1) a first security token including an encryption mechanism that indicates whether the software package has been tampered with or otherwise changed, (2) a first profile including a name, a version, a build date, an identifier, and an author or manufacturer of a component of the software package, (3) a second profile including the details about the hardware, the middleware, and the applications required in the first environment in which the software package is permitted to be deployed, (4) a third profile including an identifier and a name of a user who is responsible for verifying contents of the software package prior to the one QA seal being embedded in the software package, (5) a first specification of one or more phases of a software development lifecycle for which the one QA seal is generated, (6) a fourth profile specifying steps of a workflow of the software development lifecycle, a name and an identifier of a reviewer of the software package, a status of an approval of the software package, and a status of the software package at key decision checkpoints, (7) a fifth profile specifying dependencies of hardware and software required in the deployment of the software package in the first environment, and (8) first metadata including a timestamp of a completion of a generation of the one QA seal, a history of modification of the one QA seal, a status of an approval of the one QA seal, and a phase of the one QA seal, andwherein the other QA seal is a second data structure which includes (1) the security token, (2) the first profile including the name, the version, the build date, the identifier, and the author or manufacturer of the component of the software package, (3) a sixth profile including details about hardware, middleware, and applications required in a second environment in which the software package is permitted to be deployed, (4) a seventh profile including an identifier and a name of a user who is responsible for verifying contents of the software package prior to the other QA seal being embedded in the software package, (5) a second specification of one or more phases of a software development lifecycle for which the other QA seal is generated, (6) the fourth profile specifying the steps of the workflow of the software development lifecycle, the name and the identifier of the reviewer of the software package, the status of the approval of the software package, and the status of the software package at the key decision checkpoints, (7) an eighth profile specifying the dependencies of the hardware and the software required in the deployment of the software package in the second environment, and (8) second metadata including a timestamp of a completion of a generation of the other QA seal, a history of modification of the other QA seal, a status of an approval of the other QA seal, and a phase of the other QA seal.
  - 18. The computer program product of claim 17, wherein the step of associating the first and second QA seals to the software package includes the steps of:
    - the computer system retrieving the software package from a second data repository;
      
      the computer system retrieving the one QA seal and the other QA seal from the first data repository;
      
      the computer system generating and storing a first entry of the one QA seal in association with the software package and a second entry of the other QA seal in association with the software package; and
      
      the computer system updating the first and second metadata in the one and the other QA seals, respectively, to indicate that the one and the other QA seals are associated with the software package.
  - 19. The computer program product of claim 15, wherein the method further comprises the steps of:
    - subsequent to a completion of a development phase of a software development lifecycle for developing the software package and prior to the step of retrieving the first and second QA seals, the computer system performing a build phase of the software development lifecycle and determining the build phase is successful;
      
      prior to the step of retrieving the first and second QA seals and based on the build phase being successful, the computer system generating a third QA seal to verify the software package resulting from the build phase;
      
      prior to the step of retrieving the first and second QA seals and in response to the step of generating the third QA seal to verify the software package resulting from the build phase, the computer system associating the third QA seal to the software package resulting from the build phase;
      
      prior to the step of retrieving the first and second QA seals and in response to the step of associating the third QA seal to the software package resulting from the build phase, the computer system verifying the third QA seal associated to the software package resulting from the build phase;
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of verifying the third QA seal associated to the software package resulting from the build phase, the computer system performing a build verification testing of the software package;
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of performing the build verification testing, the computer system updating the third QA seal to test the software package resulting from the build verification testing;
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of updating the third QA seal to test the software package resulting from the build verification testing, the computer system associating the updated third QA seal to the software package resulting from the build verification testing;
      
      prior to the step of retrieving the first and second QA seals, the computer system verifying the updated third QA seal associated to the software package resulting from the build verification testing;
      
      prior to the step of retrieving the first and second QA seals and subsequent to (1) a completion of formal testing of the software package resulting from the build verification testing, (2) a determination that the formal testing of the software package is successful, (3) a performance of a quality assurance verification and validation of the software package, (4) a verification of prior approvals for quality gates and decision checkpoints, and (5) a receipt of final approval for releasing the software package to a second data repository, the computer system updating the third QA seal a second time to specify the software package as a final software package;
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of updating the third QA seal the second time to specify the software package as the final software package, the computer system associating the twice updated third QA seal to the final software package; and
      
      prior to the step of retrieving the first and second QA seals and subsequent to the step of associating the twice updated third QA seal, the computer system storing the final software package and the associated twice updated third QA seal in the second data repository.
  - 20. The computer program product of claim 19, wherein the step of verifying the third QA seal associated to the software package resulting from the build phase includes the steps of:
    - the computer system determining whether the software package is encrypted and decrypting the software package in response to a determination that the software package is encrypted;
      
      the computer system determining that the software package has the third QA seal;
      
      the computer system reading the third QA seal of the software package;
      
      the computer system determining whether the third QA seal of the software package matches a QA seal in the first data repository;
      
      in response to a determination that the third QA seal of the software package matches the QA seal in the first data repository, the computer system determining whether the third QA seal of the software package matches exactly one QA seal in the first data repository; and
      
      in response to a determination that the third QA seal of the software package matches exactly one QA seal in the first data repository, the computer system determining the third QA seal of the software package is successfully verified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Mantripragada, Nagesh K., Mungi, Ashish, Sodhi, Manjit S., Viswanathan, Ram
Primary Examiner(s)
TECKLU, ISAAC TUKU

Application Number

US15/168,708
Publication Number

US 20160274880A1
Time in Patent Office

679 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 11/3616   using software metrics

G06F 21/121   Restricting unauthorised ex...

G06F 8/60   Software deployment

G06F 8/61   Installation

G06F 8/71   Version control security ar...

Seal-based regulation for software deployment management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

27 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Seal-based regulation for software deployment management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links