CN112711438A - Dependent component information extraction method, dependent component information extraction device, and computer-readable storage medium - Google Patents
Dependent component information extraction method, dependent component information extraction device, and computer-readable storage medium Download PDFInfo
- Publication number
- CN112711438A CN112711438A CN202110040128.0A CN202110040128A CN112711438A CN 112711438 A CN112711438 A CN 112711438A CN 202110040128 A CN202110040128 A CN 202110040128A CN 112711438 A CN112711438 A CN 112711438A
- Authority
- CN
- China
- Prior art keywords
- component
- dependent
- configuration file
- component information
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000001419 dependent effect Effects 0.000 title claims abstract description 96
- 238000000605 extraction Methods 0.000 title claims abstract description 25
- 238000000034 method Methods 0.000 claims abstract description 28
- 230000014509 gene expression Effects 0.000 claims abstract description 25
- 238000010586 diagram Methods 0.000 claims description 8
- 238000004590 computer program Methods 0.000 claims description 6
- 238000013507 mapping Methods 0.000 claims description 5
- 238000012216 screening Methods 0.000 claims description 4
- 238000012546 transfer Methods 0.000 claims description 2
- 230000008901 benefit Effects 0.000 description 4
- 238000012360 testing method Methods 0.000 description 3
- 230000009193 crawling Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000018109 developmental process Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000008030 elimination Effects 0.000 description 1
- 238000003379 elimination reaction Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000033772 system development Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a dependent component information extraction method, dependent component information extraction equipment and a computer readable storage medium. The dependent component information extraction method comprises the following steps: acquiring a packet manager configuration file list to be detected; intercepting a text segment of a related dependency declaration part of each configuration file in a configuration file list, and matching by using a regular expression to obtain component information of a direct dependency component of the configuration file; acquiring component information of an indirect dependent component by searching a component dependent knowledge base based on the component information of the direct dependent component; and showing the component information of the directly dependent component and the component information of the indirectly dependent component. By adopting the method and the system, the text analysis depending on the configuration file can be realized, the dependence constraints such as the local private warehouse environment, the network environment and the like are separated, the constraint of the existing package manager with the analysis command is separated, the dependence relation of the components can be completely analyzed, and the project module hierarchical structure can be completely analyzed.
Description
Technical Field
The invention relates to the technical field of computer software, in particular to a dependent component information extraction method, dependent component information extraction equipment and a computer readable storage medium.
Background
Recently, as the use of open source software has increased, the use of open source components in system development has become increasingly popular. In 2019, the report by Github indicated that more than 360 ten thousand open source items relied on one of the open source items of Top50, and that well-known items such as rail/rails, facebook/jest, axios/axios were used by millions of other open source items. Meanwhile, the open source project has 180 third-party dependent components on average, and the specific number of the dependent components is from several to thousands. Relying on components has many advantages, such as being free of charge and being able to modify the source code. In fact, many oss (open Source software) components have high reliability, high performance and robustness. On the other hand, multiplexing OSS components (generally referred to as external components) in a system also presents a number of challenges in many respects, such as from the correct selection of components to the successful integration of the components into the system, to the testing of the selected components. Therefore, although open-source software brings great convenience to the IT industry, development efficiency is improved, and cost is reduced, a series of challenges exist in many aspects, because dependence and reference relation of open-source software is complex, security of the open-source software is often lack of examination and management, in the open-source software risk research report in 2019, 48363 projects are analyzed for dependent component security, and 83834 pieces of dependent component vulnerability warning information are obtained in total. Wherein, 20.79% of the total sample items have dependent component vulnerabilities, the open source community is divided, 18.03% of Github sample items contain dependent component vulnerabilities, and 33.63% of Gitee sample items contain dependent component vulnerabilities, so that the open source software also increases the complexity and security risk of the software supply chain.
To find the security problem of introducing components in a project, a tree structure diagram (including indirect dependency) on which the components of the project depend needs to be obtained first. The method of introducing the open source component in the actual project is mostly configured through a packet manager, and dependency is realized. For example: in Java language projects, project dependencies are added in a manner of configuring dependency tags in pom. xml files, but the lower-layer dependency relationship developers of component dependencies cannot directly obtain them. There are multiple layers of dependencies and sub-dependencies for components in an item, i.e., a component is dependent on a component, which may depend on other components, and so on.
Currently, query dependency tree commands of each package manager mainly used for analyzing components in a project are carried by the general package manager, such as Maven parsing, Maven provides that dependency plug-ins can view dependency of the Maven project, for example, mvn dependency: tree can view a dependency tree of a current project, but the generated dependency tree is inconvenient to interpret, and other related information, such as bugs of used components, open source protocol information and the like, cannot be viewed only through a simple dependency tree. The dependency tree obtained by using commands such as "mvn dependency: tree" must be compiled and run, that is, all the dependencies declared in the configuration file need to be downloaded and executed, and the method has long waiting time and low efficiency. Because the use of the command line requires downloading all the dependencies, if the code contains a private warehouse, the downloading can be executed only under the condition of possessing the access right of the private warehouse, the limitation is high, and the expandability is not strong. The dependency tree obtained by using the command only displays one component dependency when different components depend on a certain component at the same time, namely, the tree structure automatically performs duplication elimination work, so that the tree diagram is not 100% accurate, and defects are caused in the scenes of sub-dependency tracing, vulnerability tracing and the like.
Disclosure of Invention
Embodiments of the present invention provide a dependent component information extraction method, a device, and a computer-readable storage medium, which are used to solve a problem in the prior art that a dependent tree structure obtained by using a command is inconvenient to extract.
The dependent component information extraction method provided by the embodiment of the invention comprises the following steps:
acquiring a packet manager configuration file list to be detected;
intercepting a text segment of a related dependency declaration part of each configuration file in the configuration file list, and matching by using a regular expression to obtain component information of a direct dependency component of the configuration file;
acquiring component information of an indirect dependent component by searching a component dependent knowledge base based on the component information of the direct dependent component;
and displaying the component information of the directly dependent component and the component information of the indirectly dependent component.
According to some embodiments of the present invention, the obtaining the list of the package manager profiles to be detected includes:
and acquiring a content tree structure of the code through a public api provided by the code warehouse, and screening a to-be-detected package manager configuration file list through the file name.
According to some embodiments of the invention, the component information comprises: component name, component version, and component type.
According to some embodiments of the present invention, the matching using a regular expression to obtain the component information of the directly dependent component of the configuration file includes:
when the component version of the directly dependent component is an expression, all versions of the directly dependent component are queried, and the expression and the expressions of all versions are compared to determine the component version corresponding to the expression.
According to some embodiments of the present invention, the matching using a regular expression to obtain the component information of the directly dependent component of the configuration file includes:
when the component name of the directly dependent component is a first variable, acquiring a first variable pair from the configuration file, and determining the component name corresponding to the first variable based on the first variable;
and when the component version of the directly dependent component is a second variable, acquiring a second variable pair from the configuration file, and determining the component version corresponding to the second variable based on the second variable.
According to some embodiments of the invention, the method further comprises: and analyzing the parent tag of the configuration file, and inquiring the component information of the dependent component managed by the parent tag in the component dependent knowledge base.
According to some embodiments of the invention, the method further comprises:
component version-related information and component version-dependent information are collected from the various big package manager platforms to obtain a component-dependency one-to-many mapping relationship to build a component-dependency knowledge base.
According to some embodiments of the invention, the method further comprises: the method further comprises the following steps:
and analyzing module parent-child relationship statements from the configuration file, and constructing a tree structure diagram based on the component information of the direct dependent components and the component information of the indirect dependent components.
The dependent component information extraction device according to an embodiment of the present invention includes: a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the dependent component information extraction method as described above.
According to the computer-readable storage medium of the embodiment of the present invention, the computer-readable storage medium stores thereon an implementation program of information transfer, which when executed by a processor implements the steps of the dependent component information extraction method as described above.
By adopting the embodiment of the invention, the text analysis of the dependent configuration file can be realized, the dependence constraints such as the local private warehouse environment, the network environment and the like are separated, the constraint of the existing package manager with the analysis command is separated, the dependence relation of the component can be completely analyzed, and the project module hierarchical structure can be completely analyzed.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. In the drawings:
FIG. 1 is a flow chart of a dependent component information extraction method in an embodiment of the present invention;
FIG. 2 is a flow chart of a dependent component information extraction method in an embodiment of the present invention;
FIG. 3 is a diagram of building a component dependency knowledge base in an embodiment of the invention;
fig. 4 is a schematic structural diagram of a dependent component information extraction device in the embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
An embodiment of a first aspect of the present invention provides a dependent component information extraction method, as shown in fig. 1, including:
s1, acquiring a package manager configuration file list to be detected;
s2, intercepting the text segment of the dependent declaration part of each configuration file in the configuration file list, and matching by using a regular expression to obtain the component information of the direct dependent component of the configuration file;
s3, based on the component information of the direct dependent component, obtaining the component information of the indirect dependent component by searching a component dependent knowledge base;
by querying the component dependency repository for its indirect dependencies directly and recursively looking down to the lower layers, the level of querying can be controlled by configuration parameters.
S4, displaying the component information of the direct dependent component and the component information of the indirect dependent component.
By adopting the embodiment of the invention, the text analysis of the dependent configuration file can be realized, the dependence constraints such as the local private warehouse environment, the network environment and the like are separated, the constraint of the existing package manager with the analysis command is separated, the dependence relation of the component can be completely analyzed, and the project module hierarchical structure can be completely analyzed.
On the basis of the above-described embodiment, various modified embodiments are further proposed, and it is to be noted herein that, in order to make the description brief, only the differences from the above-described embodiment are described in the various modified embodiments.
According to some embodiments of the present invention, the obtaining the list of the package manager profiles to be detected includes:
and acquiring a content tree structure of the code through a public api provided by the code warehouse, and screening a to-be-detected package manager configuration file list through the file name.
According to some embodiments of the invention, the component information comprises: component name, component version, and component type.
According to some embodiments of the present invention, the matching using a regular expression to obtain the component information of the directly dependent component of the configuration file includes:
when the component version of the directly dependent component is an expression, all versions of the directly dependent component are queried, and the expression and the expressions of all versions are compared to determine the component version corresponding to the expression.
According to some embodiments of the present invention, the matching using a regular expression to obtain the component information of the directly dependent component of the configuration file includes:
when the component name of the directly dependent component is a first variable, acquiring a first variable pair from the configuration file, and determining the component name corresponding to the first variable based on the first variable;
and when the component version of the directly dependent component is a second variable, acquiring a second variable pair from the configuration file, and determining the component version corresponding to the second variable based on the second variable.
According to some embodiments of the invention, the method further comprises: and analyzing the parent tag of the configuration file, and inquiring the component information of the dependent component managed by the parent tag in the component dependent knowledge base. Thus, parent lookup declarations may be performed on declarations that do not have component versions.
As shown in fig. 3, according to some embodiments of the invention, the method further comprises:
component version-related information and component version-dependent information are collected from the various big package manager platforms to obtain a component-dependency one-to-many mapping relationship to build a component-dependency knowledge base.
According to some embodiments of the invention, the method further comprises: the method further comprises the following steps:
and analyzing module parent-child relationship statements from the configuration file, and constructing a tree structure diagram based on the component information of the direct dependent components and the component information of the indirect dependent components.
The dependent component information extraction method according to an embodiment of the present invention is described in detail in a specific embodiment with reference to fig. 2 and 3. It is to be understood that the following description is illustrative only and is not intended to be in any way limiting. All similar structures and similar variations thereof adopted by the invention are intended to fall within the scope of the invention.
As shown in fig. 2, the dependent component information extraction method according to the embodiment of the present invention includes: and constructing a component dependence knowledge base, acquiring code content and analyzing text content.
As shown in FIG. 3, a component dependency knowledge base is constructed, including: collecting component version dependence information on each big packet manager platform, and crawling component version related information to form a component version knowledge base; and (4) crawling the version dependency information of the project components to obtain a component-dependency one-to-many mapping relation, and storing the mapping relation into a database to serve as a component dependency knowledge base. And the task is timed to continuously update the component dependence knowledge base.
Acquiring code content, including: and acquiring a content tree structure of the code through a public api provided by the code warehouse, and screening a to-be-detected package manager configuration file list through the file name.
Parsing the textual content, comprising:
preparation work: and analyzing the variable pairs in the configuration file, analyzing the parent tag of the configuration file, and inquiring a dependent component version managed by the parent tag in a component dependent knowledge base.
Resolution depends directly on: intercepting a text segment related to the dependency declaration in the package manager file, obtaining information such as a component name, a component version, a component type and the like of the dependent component by using regular expression test matching, judging the component type, and skipping development dependence and test dependence. If the version of the component is an expression, all versions of the component are inquired, and the specific version versions meeting the statement are found through the component expression range. And if the analyzed name or version is a variable, obtaining the value of the variable in the variable pair.
Resolving indirect dependencies: after all direct dependencies are analyzed, the component dependent on the component is found in a component dependent knowledge base according to the component name and the component version of the first layer dependency, and the process is recursed.
Analyzing the module parent-child relationship in the project: and analyzing the module parent-child relation statement in the dependency text, hanging the tree structure of the child module on a response parent node, and finally forming a complete project dependency tree structure chart.
And (4) warehousing and storing: and storing the tree structure into a database in a json form.
Front-end display: and displaying the tree structure diagram by using the tree structure plug-in.
By adopting the embodiment of the invention, the text analysis of the dependence configuration file can be realized, and dependence constraints such as local private warehouse environment, network environment and the like are separated; the constraint of the existing packet manager with the parsing command is broken away, the sub-dependence of the component can be completely parsed, and the hierarchical structure of the project module can be completely parsed.
It should be noted that the above-mentioned embodiments are only preferred embodiments of the present invention, and are not intended to limit the present invention, and those skilled in the art can make various modifications and changes. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
It will be appreciated by those skilled in the art that the steps of the present invention described above may be implemented using a general purpose computing device, which may be centralized on a single computing device or distributed across a network of computing devices, and that alternatively, they may be implemented using program code executable by a computing device, such that it may be stored in a memory device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or may be implemented as separate integrated circuit modules, or may have multiple modules or steps implemented as a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on this understanding, the technical solutions of the present invention may be embodied in the form of software products, which essentially or partially contribute to the prior art.
An embodiment of the second aspect of the present invention provides a dependent component information extraction apparatus 1000, as shown in fig. 4, including: a memory 1010, a processor 1020 and a computer program stored on the memory 1010 and executable on the processor 1020, the computer program, when executed by the processor 1020, implementing the steps of the method as described in the first aspect embodiment above.
An embodiment of the third aspect of the present invention provides a computer-readable storage medium, on which an implementation program for information transmission is stored, and when the program is executed by a processor, the method of the first aspect of the present invention is implemented.
It should be noted that the computer-readable storage medium in this embodiment includes, but is not limited to: ROM, RAM, magnetic or optical disks, and the like. The program can be a mobile phone, a computer, a server, an air conditioner, or a network device.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Claims (10)
1. A dependent component information extraction method, comprising:
acquiring a packet manager configuration file list to be detected;
intercepting a text segment of a related dependency declaration part of each configuration file in the configuration file list, and matching by using a regular expression to obtain component information of a direct dependency component of the configuration file;
acquiring component information of an indirect dependent component by searching a component dependent knowledge base based on the component information of the direct dependent component;
and displaying the component information of the directly dependent component and the component information of the indirectly dependent component.
2. The method of claim 1, wherein said obtaining a list of package manager profiles to be detected comprises:
and acquiring a content tree structure of the code through a public api provided by the code warehouse, and screening a to-be-detected package manager configuration file list through the file name.
3. The method of claim 1, wherein the component information comprises: component name, component version, and component type.
4. The method of claim 3, wherein the matching using regular expressions to obtain component information of the directly dependent component of the configuration file comprises:
when the component version of the directly dependent component is an expression, all versions of the directly dependent component are queried, and the expression and the expressions of all versions are compared to determine the component version corresponding to the expression.
5. The method of claim 3, wherein the matching using regular expressions to obtain component information of the directly dependent component of the configuration file comprises:
when the component name of the directly dependent component is a first variable, acquiring a first variable pair from the configuration file, and determining the component name corresponding to the first variable based on the first variable;
and when the component version of the directly dependent component is a second variable, acquiring a second variable pair from the configuration file, and determining the component version corresponding to the second variable based on the second variable.
6. The method of claim 1, wherein the method further comprises: and analyzing the parent tag of the configuration file, and inquiring the component information of the dependent component managed by the parent tag in the component dependent knowledge base.
7. The method of claim 1, wherein the method further comprises:
component version-related information and component version-dependent information are collected from the various big package manager platforms to obtain a component-dependency one-to-many mapping relationship to build a component-dependency knowledge base.
8. The method of claim 1, wherein the method further comprises: the method further comprises the following steps:
and analyzing module parent-child relationship statements from the configuration file, and constructing a tree structure diagram based on the component information of the direct dependent components and the component information of the indirect dependent components.
9. A dependent component information extraction device characterized by comprising: memory, a processor and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the dependent component information extraction method of any of claims 1 to 8.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon an implementation program of information transfer, which when executed by a processor implements the steps of the dependent component information extraction method according to any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110040128.0A CN112711438B (en) | 2021-01-13 | 2021-01-13 | Method, apparatus and computer readable storage medium for extracting dependency component information |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110040128.0A CN112711438B (en) | 2021-01-13 | 2021-01-13 | Method, apparatus and computer readable storage medium for extracting dependency component information |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112711438A true CN112711438A (en) | 2021-04-27 |
| CN112711438B CN112711438B (en) | 2024-04-16 |
Family
ID=75548896
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110040128.0A Active CN112711438B (en) | 2021-01-13 | 2021-01-13 | Method, apparatus and computer readable storage medium for extracting dependency component information |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112711438B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115016831A (en) * | 2022-08-08 | 2022-09-06 | 北京安普诺信息技术有限公司 | Dependent component information acquisition method and device and storage medium |
| CN115016832A (en) * | 2022-08-08 | 2022-09-06 | 北京安普诺信息技术有限公司 | Method for deeply analyzing software component dependency relationship, related device and platform |
| CN115543410A (en) * | 2022-11-29 | 2022-12-30 | 深圳开源互联网安全技术有限公司 | Component dependency relationship analysis method, device and medium |
| CN117668327A (en) * | 2024-02-02 | 2024-03-08 | 深圳开源互联网安全技术有限公司 | Component identification method, device, terminal equipment and storage medium |
| CN117667080A (en) * | 2023-12-15 | 2024-03-08 | 北京安普诺信息技术有限公司 | Method, device, equipment and medium for determining SCA component dependency information |
| CN117971271A (en) * | 2024-02-20 | 2024-05-03 | 赫中企云(北京)信息服务有限公司 | Remote dynamic updating method for running program |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108920359A (en) * | 2018-06-06 | 2018-11-30 | 腾讯科技(成都)有限公司 | Test method, device, storage medium and the electronic device of application program |
| CN111538495A (en) * | 2020-07-13 | 2020-08-14 | 深圳开源互联网安全技术有限公司 | Method, system and equipment for identifying Python open source component quoted in project |
| CN111625839A (en) * | 2020-05-29 | 2020-09-04 | 深圳前海微众银行股份有限公司 | Third-party component vulnerability detection method, device, equipment and computer storage medium |
| CN111783103A (en) * | 2020-07-03 | 2020-10-16 | Oppo广东移动通信有限公司 | Dependency management method and device based on Maven, electronic device and storage medium |
| CN111950239A (en) * | 2020-08-07 | 2020-11-17 | 北京字节跳动网络技术有限公司 | Schema document generation method and device, computer equipment and medium |
| CN111967017A (en) * | 2020-07-28 | 2020-11-20 | 深圳开源互联网安全技术有限公司 | Method and device for generating dependency relationship, terminal equipment and storage medium |
-
2021
- 2021-01-13 CN CN202110040128.0A patent/CN112711438B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108920359A (en) * | 2018-06-06 | 2018-11-30 | 腾讯科技(成都)有限公司 | Test method, device, storage medium and the electronic device of application program |
| CN111625839A (en) * | 2020-05-29 | 2020-09-04 | 深圳前海微众银行股份有限公司 | Third-party component vulnerability detection method, device, equipment and computer storage medium |
| CN111783103A (en) * | 2020-07-03 | 2020-10-16 | Oppo广东移动通信有限公司 | Dependency management method and device based on Maven, electronic device and storage medium |
| CN111538495A (en) * | 2020-07-13 | 2020-08-14 | 深圳开源互联网安全技术有限公司 | Method, system and equipment for identifying Python open source component quoted in project |
| CN111967017A (en) * | 2020-07-28 | 2020-11-20 | 深圳开源互联网安全技术有限公司 | Method and device for generating dependency relationship, terminal equipment and storage medium |
| CN111950239A (en) * | 2020-08-07 | 2020-11-17 | 北京字节跳动网络技术有限公司 | Schema document generation method and device, computer equipment and medium |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115016831A (en) * | 2022-08-08 | 2022-09-06 | 北京安普诺信息技术有限公司 | Dependent component information acquisition method and device and storage medium |
| CN115016832A (en) * | 2022-08-08 | 2022-09-06 | 北京安普诺信息技术有限公司 | Method for deeply analyzing software component dependency relationship, related device and platform |
| CN115016832B (en) * | 2022-08-08 | 2022-11-29 | 北京安普诺信息技术有限公司 | Method for deeply analyzing software component dependency relationship, related device and platform |
| CN115543410A (en) * | 2022-11-29 | 2022-12-30 | 深圳开源互联网安全技术有限公司 | Component dependency relationship analysis method, device and medium |
| CN117667080A (en) * | 2023-12-15 | 2024-03-08 | 北京安普诺信息技术有限公司 | Method, device, equipment and medium for determining SCA component dependency information |
| CN117667080B (en) * | 2023-12-15 | 2024-05-28 | 北京安普诺信息技术有限公司 | Method, device, equipment and medium for determining SCA component dependency information |
| CN117668327A (en) * | 2024-02-02 | 2024-03-08 | 深圳开源互联网安全技术有限公司 | Component identification method, device, terminal equipment and storage medium |
| CN117971271A (en) * | 2024-02-20 | 2024-05-03 | 赫中企云(北京)信息服务有限公司 | Remote dynamic updating method for running program |
| CN117971271B (en) * | 2024-02-20 | 2024-07-09 | 赫中企云(北京)信息服务有限公司 | Remote dynamic updating method for running program |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112711438B (en) | 2024-04-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112711438A (en) | Dependent component information extraction method, dependent component information extraction device, and computer-readable storage medium | |
| US10198250B1 (en) | Partitioning based migration of systems to container and microservice based platforms | |
| US9208056B1 (en) | Transitive source code violation matching and attribution | |
| US10282197B2 (en) | Open application lifecycle management framework | |
| US9959111B2 (en) | Prioritization of software patches | |
| US8984485B2 (en) | Analysis of source code changes | |
| US20170171236A1 (en) | Method and system for automated computer vulnerability tracking | |
| US20180060415A1 (en) | Language tag management on international data storage | |
| US9690690B1 (en) | Scalable transitive violation matching | |
| CN104679500B (en) | Method and device for realizing automatic generation of entity class | |
| CN110162980B (en) | One-stop safety testing and managing method in software development process | |
| CN111737140A (en) | Interface automation test method, device, equipment and computer readable storage medium | |
| CN105630684A (en) | Software development kit identification method and device | |
| US20200310952A1 (en) | Comparable user interface object identifications | |
| US20230281467A1 (en) | Systems and methods for building an architecture knowledge graph | |
| CN115033894A (en) | Software component supply chain safety detection method and device based on knowledge graph | |
| CN108897678B (en) | Static code detection method, static code detection system and storage device | |
| CN115640578A (en) | Vulnerability reachability analysis method, device, equipment and medium for application program | |
| JP2022105474A (en) | Method for verifying vulnerabilities of network devices using cve entries | |
| US20230130649A1 (en) | Techniques for semantic analysis of cybersecurity event data and remediation of cybersecurity event root causes | |
| CN115576831A (en) | Test case recommendation method, device, equipment and storage medium | |
| CN115033489A (en) | Code resource detection method and device, electronic equipment and storage medium | |
| CN114727100A (en) | Joint debugging method and device for monitoring equipment | |
| CN110928784A (en) | Software testing environment monitoring method and device | |
| CN110297651A (en) | The update method and device of the common variable of protocol interface |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 102200 Floor 5, Block B, Building 1, Yard 10, Longyu North Street, Changping District, Beijing Applicant after: SUZHOU LENGJING QICAI INFORMATION TECHNOLOGY CO.,LTD. Address before: 100085 910, block a, Jinyu International Center, Changping District, Beijing Applicant before: SUZHOU LENGJING QICAI INFORMATION TECHNOLOGY CO.,LTD. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |