IBM Cloud Continuous Delivery Code Risk Analyzer scans Python, Node.js, and Java source code in Git repositories for legal and security risks
Seeking to bring compliance and security analytics to developers, IBM has added Code Risk Analyzer capabilities to the IBM Cloud Continuous Delivery service.
The Code Risk Analyzer, which IBM describes as a security measure, can be configured to run at the start of the developer's code workflow, analyzing and reviewing Git repositories to detect problems with open source components. The goal is to help application teams recognize cybersecurity threats, prioritize application security issues, and address them. IBM Cloud Continuous Delivery provides toolchains, automates testing and builds, and controls software quality with analytics.
IBM said that as cloud-native development methods such as microservices and containers change security and compliance processes, it is no longer feasible for centralized operations teams to manage application security and compliance. Developers need cloud-native capabilities such as the Code Risk Analyzer embedded in their existing workflows. The Code Risk Analyzer helps developers ensure security and compliance as part of their regular work.
While developing the Code Risk Analyzer, IBM surveyed the source artifacts that IT organizations use to build and deploy applications and to provision and configure Kubernetes infrastructure and cloud services. Current cloud solutions offer limited security controls across the entire set of source artifacts, including scanning application manifests for security vulnerabilities. A solution was therefore needed that assesses the security and compliance of all of these artifacts.
The Code Risk Analyzer scans Git-based source code repositories containing Python, Node.js, and Java code, performs vulnerability checks, license management checks, and CIS (Center for Internet Security) compliance checks on deployment configurations, and generates a bill of materials listing all dependencies and their sources. Terraform files used to provision cloud services such as Cloud Object Storage are scanned for security misconfigurations.
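To make the dependency bill of materials, vulnerability check, and license check described above concrete, here is an added example in Python. It is not IBM's Code Risk Analyzer code and does not use its APIs; it shows the general shape of such a scan on two real manifest formats (a Python requirements.txt and a Node.js package.json). The manifest contents, the advisory records (EXAMPLE-ADV-*), the license metadata, the example-gpl-lib package, and the allow-list policy are all constructed for this example.

```python
"""
Added illustrative example (not IBM's Code Risk Analyzer): build a dependency
bill of materials (BOM) from a requirements.txt and a package.json, then check
each entry against a constructed advisory list and a license allow-list.
"""
import json
import re
from dataclasses import dataclass

# Constructed sample manifests standing in for files found in a Git repository.
REQUIREMENTS_TXT = """\
# Python dependencies (constructed sample)
requests==2.19.0
flask==2.0.3
example-gpl-lib==1.0.0
"""
PACKAGE_JSON = json.dumps({
    "name": "demo-app",
    "dependencies": {"lodash": "^4.17.15", "express": "4.18.2"},
})

# Constructed advisory database: (ecosystem, package) -> (fixed-in version, id).
# These are not real advisories.
ADVISORIES = {
    ("pypi", "requests"): ("2.20.0", "EXAMPLE-ADV-001"),
    ("npm", "lodash"): ("4.17.21", "EXAMPLE-ADV-002"),
}
# Constructed license metadata and an allow-list policy.
LICENSES = {
    ("pypi", "requests"): "Apache-2.0",
    ("pypi", "flask"): "BSD-3-Clause",
    ("pypi", "example-gpl-lib"): "GPL-3.0-only",
    ("npm", "lodash"): "MIT",
    ("npm", "express"): "MIT",
}
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}


@dataclass(frozen=True)
class BomEntry:
    ecosystem: str
    name: str
    version: str


def parse_version(v: str) -> tuple:
    """Turn '4.17.15' into (4, 17, 15) so versions compare numerically."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def build_bom(requirements_txt: str, package_json: str) -> list:
    """Collect pinned dependencies from both manifests into one BOM."""
    bom = []
    for line in requirements_txt.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        m = re.match(r"([A-Za-z0-9_.-]+)==([0-9.]+)", line)
        if m:
            bom.append(BomEntry("pypi", m.group(1).lower(), m.group(2)))
    pkg = json.loads(package_json)
    for name, version in pkg.get("dependencies", {}).items():
        # Strip npm range prefixes (^, ~) to get the base version.
        bom.append(BomEntry("npm", name, version.lstrip("^~")))
    return bom


def find_vulnerabilities(bom: list) -> list:
    """Flag BOM entries whose version is below the advisory's fixed version."""
    findings = []
    for e in bom:
        adv = ADVISORIES.get((e.ecosystem, e.name))
        if adv and parse_version(e.version) < parse_version(adv[0]):
            findings.append((e.name, e.version, adv[1], adv[0]))
    return findings


def find_license_violations(bom: list) -> list:
    """Flag entries whose license is unknown or outside the allow-list."""
    violations = []
    for e in bom:
        lic = LICENSES.get((e.ecosystem, e.name), "UNKNOWN")
        if lic not in ALLOWED_LICENSES:
            violations.append((e.name, lic))
    return violations


if __name__ == "__main__":
    bom = build_bom(REQUIREMENTS_TXT, PACKAGE_JSON)
    for entry in bom:
        print(f"BOM: {entry.ecosystem}:{entry.name}@{entry.version}")
    for name, ver, adv_id, fixed in find_vulnerabilities(bom):
        print(f"VULN: {name}@{ver} matches {adv_id}; fixed in {fixed}")
    for name, lic in find_license_violations(bom):
        print(f"LICENSE: {name} is {lic}, not in the allow-list")
```

Run as a script it prints the BOM followed by one line per vulnerable or non-compliant dependency, which is the same actionable output shape a pipeline gate needs: a tool of this kind fails the build on any finding rather than requiring the developer to read a policy. A real scanner replaces the in-memory dictionaries with a maintained advisory feed and license database and adds proper semantic-version range handling.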
IBM has sought to anchor its security controls in standards such as NIST and CIS and to flatten the learning curve when introducing new security practices to users. Developers are spared from having to understand security policies and definitions and instead receive actionable feedback.