CN116880892A - Tobacco industry enterprise application system source code control method - Google Patents

Publication number
CN116880892A
Authority
CN
China
Prior art keywords
source code
test
environment
product
version
Legal status
Pending
Application number
CN202310859538.7A
Other languages
Chinese (zh)
Inventor
陈小虎
李新建
邹鑫灏
徐佳
郭著松
谢超
崔书方
陈飞
王畅
余进
杨倩
Current Assignee
China Tobacco Hubei Industrial LLC
Original Assignee
China Tobacco Hubei Industrial LLC
Application filed by China Tobacco Hubei Industrial LLC
Priority to CN202310859538.7A
Publication of CN116880892A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3604 Software analysis for verifying properties of programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30 Computing systems specially adapted for manufacturing

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Computer Security & Cryptography (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a source code management and control method for the application systems of a tobacco industry enterprise, comprising the following steps: a development environment, a test environment and an operation environment are constructed; a developer completes development tasks in the development environment and submits version information once development is complete; a security tester pulls the product and the source code in the test environment, performs security testing and a consistency check on them, and submits a test product and an approval request once testing is complete; version approval is performed on the product and the source code and, if they pass, the approval request is granted and the approved production product is stored in a production product warehouse; and operation and maintenance personnel deploy and release in the operation environment to bring the version online. This one-way channel for source code standardizes the release flow of the application system and enforces the use of the same source code, the same build environment and the same build script, thereby ensuring consistency of source code versions.

Description

Tobacco industry enterprise application system source code control method
Technical Field
The invention relates to the technical field of source code management, and in particular to a source code management and control method for enterprise application systems in the tobacco industry.
Background
The source code version handled at each stage must be consistent, tampering with the source code through human or non-human factors must be prevented, and the object program that runs after compilation must ultimately be consistent with the source code.
A comprehensive analysis of multiple software system development and construction projects in a tobacco industry enterprise shows that the systems are large in scale and require many outsourced developers to divide the work with other staff. Source code management and version control are carried out through SVN and GitLab, and source code passes through multiple stages by way of SVN or GitLab. Because the circulation process lacks the procedures and technical means to guarantee the consistency and integrity of source code versions, source code versions may be mixed up, tampered with or substituted along the way. In addition, because developers have the right to deploy the latest version directly, when a developer deploys the latest version in an emergency, the corresponding source code may never be submitted to the source code warehouse.
In summary, with the rapid development of tobacco industry enterprises, more and more application systems are being built to support efficient business operation, and most of them are developed by outsourcing. Source code is insufficiently standardized, third-party components are introduced from unofficial channels, source code lacks unified management and control, system version releases lack strict approval, the version submitted for acceptance testing is inconsistent with the released version, and coding bug fixes do not form a closed loop. As a result, business systems carry security risks of varying degrees after going online, which can hinder the high-quality, stable development of the company's business. A method and system for controlling the source code of tobacco industry enterprise application systems is therefore needed, one that centres on the software's source code as the core element and combines technical and institutional controls to ensure the safe and reliable development and delivery of application systems.
Disclosure of Invention
(I) Technical problem to be solved
In view of the shortcomings of the prior art, the invention provides a source code management and control method for an application system of a tobacco industry enterprise, which solves the problem that the source code versions of existing tobacco industry enterprise application software lack unified management and control.
(II) Technical solution
To achieve the above purpose, the invention adopts the following technical solution: a source code management and control method for an application system of a tobacco industry enterprise, comprising the following steps:
Step S1, a development environment, a test environment and an operation environment are constructed, all three having a consistent operating system, basic applications, components and middleware;
Step S2, a developer completes a development task in the development environment through the Dev branch of a source code warehouse and, once development is complete, submits version information to the Release branch of the source code warehouse, the version information comprising source code, documents and a product;
Step S3, a security tester pulls the product and the source code through the Release branch in the test environment and performs security testing and a consistency check on them; if the test fails, the development task is returned to the developer for secondary development; if the test passes, the tester submits a test product and an approval request to the master branch of the source code warehouse once testing is complete, and at the same time stores the test product in the test product warehouse;
Step S4, a security manager pulls the test product through the master branch in the test environment and performs a version audit of the product and the source code; if the audit fails, the development task is returned to the developer for secondary development; if the audit passes, the approval request is granted and the approved production product is stored in a production product warehouse;
Step S5, operation and maintenance personnel pull the production product from the production product warehouse in the operation environment, deploy and release it, and bring the version online.
Further, the developer compiles the source code after writing it, in the following way: each project in the compilation task is determined, and a project list is generated from the source code of each project; the project list contains the information of the projects to be compiled and released, including project names and version numbers; the dependency relationships of the projects in the list are checked, compilation options are configured and the compilation environment is checked, yielding the checked projects; the checked projects form a to-be-compiled list, and the projects in that list are compiled on a local compilation server to obtain the product.
Further, after completing the development task, the developer performs a compliance audit of the documents and the source code; the compliance audit of the source code comprises a security audit, an integrity audit, a privacy protection audit, a license compliance audit and a standardization audit, and the compliance audit of the documents comprises a document accuracy audit.
Further, the security audit comprises the following steps: the source code is obtained from the developer in the development environment, and it is determined whether it contains malicious source code; if malicious source code is present, it is deleted from the software product; if no malicious source code is found, the audit is passed.
Further, after the document compliance audit is passed, document availability acceptance is carried out; after the source code compliance audit, the version is deployed in the test environment and installation and deployment acceptance is carried out. Document availability acceptance comprises an integrity check, accuracy verification and readability evaluation; installation and deployment acceptance comprises installation verification, deployment testing, function confirmation, performance evaluation and troubleshooting.
Further, the developer specifies dependency versions in the dependency description file. Before compiling, it is checked whether the hash value of the source code is consistent with the hash value of the release version designated on the submitted Dev branch. If they are inconsistent, it is determined whether the source code has been changed: if it has not been changed, the source code is re-acquired and its hash value is calculated again; if it has been changed, it is determined whether the change is correct. If the change is correct and needs to be applied to the Dev branch, the Dev branch is updated and the change is merged into the source code; if the change is wrong or does not need to be applied to the Dev branch, the change is cancelled or discarded, and compilation is carried out.
Further, after step S4 is executed, a test function acceptance step is executed: it is determined whether the product is a major version or a minor version; if it is a major version, a third-party test and a third-party test audit are carried out in sequence, and step S4 is executed after both are passed; if it is a minor version, step S4 is executed directly. The third-party test comprises penetration testing, black-box testing, gray-box testing, compliance detection, manual source code audit, privacy compliance detection and data security testing, and also comprises simulating real attack scenarios to test the software's resistance and emergency response; the third-party test audit comprises confirming the test content reported by the third-party tester and inspecting that content.
Further, when using build scripts that are independent of the source code implementation, the developer must specify fixed versions of the environment dependencies.
Further, the access rights of the personnel roles for the development environment, the test environment and the operation environment are kept distinct, and a strict access control policy is enforced in each environment so that only authorized personnel can access it: in the development environment, developers have the rights to edit, compile and debug source code; in the test environment, testers have the rights to carry out testing and verification activities on the product; and in the operation environment, operation and maintenance personnel have the rights to release and operate the product.
Advantageous effects
The invention provides a source code management and control method of an application system of a tobacco industry enterprise, which has the following beneficial effects:
The invention addresses the security risk that source code and product versions are inconsistent when existing application systems are released. The one-way management and control method for source code standardizes the release process of the application system and enforces the use of the same source code, the same build environment and the same build script. This keeps the source code version handled at each stage of the release consistent and prevents tampering with the source code through human or non-human factors. These control measures keep the source code, build environment and build script consistent throughout software development and release, so that identical, reliable software products are produced.
A developer completes a development task in the development environment, submits version information to the Dev branch of the source code warehouse, and stores the development result in the version control system. The security tester pulls the product and source code from the Release branch and performs security testing and consistency verification in the test environment. Separating development from testing helps ensure that testing is performed on a stable version of the developed product and reduces possible inconsistencies in testing.
The access rights of the personnel roles for the development, test and operation environments are kept distinct, and access to each environment is restricted to authorized personnel. Strict access control policies help protect sensitive data and source code and reduce unauthorized access and operations.
Version management and approval of source code, documents and products are implemented through the source code warehouse and the version control system. This helps ensure proper audit and version control of the development effort, reduces errors and risks, and provides traceability and audit capability.
Operation and maintenance personnel pull the production product from the production product warehouse in the operation environment, deploy and release it, and bring the version online. Such centralized deployment and release management helps keep controlled versions consistent and provides a standardized, repeatable deployment process.
The above scheme and steps improve the controllability, security and stability of the software development and release process. They help reduce errors, improve efficiency, and ensure that the released product meets quality and security requirements.
Drawings
FIG. 1 is a step diagram of an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Examples:
Referring to FIG. 1, the invention provides a source code management and control method for an enterprise application system in the tobacco industry, comprising the following steps:
Step S1, a development environment, a test environment and an operation environment are constructed, all three having a consistent operating system, basic applications, components and middleware;
Step S2, a developer completes a development task in the development environment through the Dev branch of a source code warehouse and, once development is complete, submits version information to the Release branch of the source code warehouse, the version information comprising source code, documents and a product. The developer completes the development task in the development environment, submits version information to the Dev branch of the source code warehouse, and stores the development result in the version control system. The security tester pulls the product and source code from the Release branch and performs security testing and consistency verification in the test environment. Separating development from testing in this way helps ensure that testing is based on a stable version of the developed product and reduces possible inconsistencies in testing.
Step S3, a security tester pulls the product and the source code through the Release branch in the test environment and performs security testing and a consistency check on them; if the test fails, the development task is returned to the developer for secondary development; if the test passes, the tester submits a test product and an approval request to the master branch of the source code warehouse once testing is complete, and at the same time stores the test product in the test product warehouse. The security tester performs security testing and a consistency check on the product and code in the test environment to ensure the security and stability of the product.
Step S4, a security manager pulls the test product through the master branch in the test environment and performs a version audit of the product and the source code; if the audit fails, the development task is returned to the developer for secondary development; if the audit passes, the approval request is granted and the approved production product is stored in a production product warehouse. The security manager audits the version of the test product in the test environment to ensure that it meets requirements. Version management and approval of source code, documents and products are implemented through the source code warehouse and the version control system. This helps ensure proper audit and version control of the development effort, reduces errors and risks, and provides traceability and audit capability. These steps help ensure that the product is adequately tested and inspected to meet quality and security standards.
Step S5, operation and maintenance personnel pull the production product from the production product warehouse in the operation environment, deploy and release it, and bring the version online.
Such centralized deployment and release management helps keep controlled versions consistent and provides a standardized, repeatable deployment process.
The pre-release product library is a centralized storage system for software products in the development, test and release-preparation stages. Its main function is to provide a platform for centrally managing and sharing pre-release products so that team members can conveniently access, deploy and test pre-release software versions. The pre-release product library provides a stable, reliable location for storing and retrieving products and ensures consistency and collaboration among team members. The pre-release product library of the invention supports the management and tracking of products of different versions, ensuring the traceability and controllability of versions. It can provide role-based and rights-based access control so that only authorized personnel can access and modify products. It allows additional information and labels to be attached to products, which facilitates searching, filtering and sorting. The pre-release product library is integrated with continuous deployment tools and platforms, so that software can be automatically deployed and released from it. This improves team cooperation and maintainability and provides traceability and control of pre-release versions.
In this embodiment, the developer compiles the source code after writing it, in the following way: each project in the compilation task is determined, and a project list is generated from the source code of each project; the project list contains the information of the projects to be compiled and released, including project names and version numbers; the dependency relationships of the projects in the list are checked, compilation options are configured and the compilation environment is checked, yielding the checked projects; the checked projects form a to-be-compiled list, and the projects in that list are compiled on a local compilation server to obtain the product. Integrating source code management with project compilation lets system projects be handled uniformly, so that development tasks are completed and deployed efficiently.
In this embodiment, after completing the development task, the developer performs a compliance audit of the documents and the source code; the compliance audit of the source code comprises a security audit, an integrity audit, a privacy protection audit, a license compliance audit and a standardization audit, and the compliance audit of the documents comprises a document accuracy audit.
The security audit checks whether security vulnerabilities, weak points or potential attack surfaces exist, and evaluates whether appropriate security measures and encryption mechanisms are in place.
The privacy protection audit ensures that the handling of user data by the documents and source code complies with the relevant privacy regulations and policies, and checks whether there is a risk of data leakage or unauthorized data access.
The license compliance audit checks whether the source code meets applicable license requirements, including open source license compliance and copyright issues.
The standardization audit ensures that the documents and source code conform to internal specifications, coding standards and best practices.
The document accuracy audit evaluates whether the documents are accurate, complete, easy to understand and in line with the relevant specifications and standards, including regulations, industry standards, security requirements and data protection regulations.
In this embodiment, after the audit is complete, the compliance issues found, the places that do not meet requirements and the corresponding recommendations are recorded. This helps organize the audit results and guides improvement and repair. The audit results and recommendations are then shared and discussed with the owners of the documents and source code, the development team and compliance specialists; the discussion covers explaining the problems, proposing solutions and planning improvements. The documents and code are updated according to the audit results and feedback to resolve the compliance issues, including fixing code vulnerabilities, modifying document content and adjusting security measures. The updated documents and code should be re-audited to confirm that the compliance issues are resolved. These steps are repeated until all problems are resolved and the compliance requirements are met.
The security audit comprises the following steps: the source code is obtained from the developer in the development environment, and it is determined whether it contains malicious source code; if malicious source code is present, it is deleted from the software product; if no malicious source code is found, the audit is passed.
After the source code compliance audit, the version is deployed in the test environment. Version deployment generally comprises the following steps:
Environment preparation: the necessary infrastructure and resources, such as servers, databases and network configuration, are prepared in the target environment, ensuring that the target environment can meet the running requirements of the software.
Product packaging: the particular version of the software is packaged into a deployable form, such as an executable file, library file or deployment package. This may involve compiling, building, packaging and compressing to generate a product suitable for deployment.
Environment deployment: the packaged software product is deployed into the target environment, and the required components, libraries and dependencies are installed and configured. This may involve uploading the product to a server, decompressing it, installing software and setting environment variables.
Configuration: the software is configured and its parameters are set according to the requirements of the target environment. This may include database connection configuration, file path configuration and permission settings, to ensure that the software operates properly in the target environment.
Testing and verification: the deployed software is tested and validated to ensure that it works as intended in the target environment and that its quality and reliability are assured.
Monitoring: monitoring and logging are carried out to ensure that the software runs stably in the target environment and that abnormal conditions are handled promptly when detected.
In this embodiment, version deployment advances the software from the development and testing stage to the actual use stage and ensures that it runs smoothly in the target environment. This improves the reliability, efficiency and consistency of software delivery and provides users with usable software versions.
After the document compliance audit is passed, document availability acceptance is carried out; after the source code compliance audit, the version is deployed in the test environment and installation and deployment acceptance is carried out. Document availability acceptance comprises an integrity check, accuracy verification and readability evaluation; installation and deployment acceptance comprises installation verification, deployment testing, function confirmation, performance evaluation and troubleshooting.
The integrity check confirms whether the document contains all necessary information, such as a function description, an operation guide and a configuration description. Accuracy verification confirms that the information in the document is accurate, consistent, and in agreement with the behavior of the actual software. Readability evaluation assesses the clarity of language, the logic of the structure and the legibility of the document, ensuring that a user can easily understand and use the information in it. Document availability acceptance confirms that the software documentation meets quality standards and user requirements and provides accurate, complete and readable information to support the development, use and maintenance of the software.
Installation verification confirms that the installation process of the software was carried out properly, including environment configuration, software installation and database setup. Function confirmation confirms that the installed software runs normally and performs the required functions. Performance evaluation assesses the performance metrics and stability of the installed software to ensure that it meets the expected performance requirements. Troubleshooting is also required: if problems or errors are encountered during installation and deployment, they are investigated and confirmed to be resolved.
The deployment test comprises:
Functional test: ensures that the functionality of the software meets specifications and requirements.
Performance test: verifies the performance and scalability of the software under expected loads.
Compatibility test: tests the compatibility of the software across different platforms, operating systems and browsers.
User acceptance test: ensures that the software meets the expectations and needs of the user.
Installation and deployment acceptance verifies that the software is installed and deployed correctly and that the system functions properly. It ensures that the software is deployed correctly, meets performance and stability requirements, runs smoothly in the target environment, and provides users with the required functions and services.
In this embodiment, the developer specifies dependency versions in the dependency description file. Before compiling, it is checked whether the hash value of the source code is consistent with the hash value of the release version designated on the submitted Dev branch. If they are inconsistent, it is determined whether the source code has been changed: if it has not been changed, the source code is re-acquired and its hash value is calculated again; if it has been changed, it is determined whether the change is correct. If the change is correct and needs to be applied to the Dev branch, the Dev branch is updated and the change is merged into the source code; if the change is wrong or does not need to be applied to the Dev branch, the change is cancelled or discarded, and compilation is carried out.
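The pre-compile hash check described above, sketched in Python as an added example; it is not code from the patent. It assumes the recorded hash is a per-file SHA-256 manifest stored when the release version was submitted, and it treats a mismatch that a fresh fetch clears as "not changed" and one that persists as a change needing review. `precompile_gate`, `checkout` and the sample files are hypothetical.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def file_manifest(root):
    """Map each file's relative POSIX path to the SHA-256 of its contents."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def tree_digest(manifest):
    """Single digest over the tree; covers file names as well as contents."""
    h = hashlib.sha256()
    for rel in sorted(manifest):
        # NUL and newline separators keep (path, hash) pairs unambiguous.
        h.update(rel.encode("utf-8") + b"\0" + manifest[rel].encode("ascii") + b"\n")
    return h.hexdigest()


def diff_manifests(recorded, actual):
    """Paths added, removed and modified relative to the recorded manifest."""
    common = set(recorded) & set(actual)
    return {
        "added": sorted(set(actual) - set(recorded)),
        "removed": sorted(set(recorded) - set(actual)),
        "modified": sorted(p for p in common if recorded[p] != actual[p]),
    }


def precompile_gate(workdir, recorded, refetch):
    """Return (decision, diff) for the source tree in workdir.

    recorded: manifest stored when the release version was submitted (assumption).
    refetch:  callable that re-acquires the designated version into workdir.
    """
    local = file_manifest(workdir)
    local_diff = diff_manifests(recorded, local)
    if tree_digest(local) == tree_digest(recorded):
        return "build", local_diff
    # Hashes differ: re-acquire the source and hash it again.
    refetch(workdir)
    fetched = file_manifest(workdir)
    if tree_digest(fetched) == tree_digest(recorded):
        # Only the working copy was off; keep its diff for the audit trail.
        return "build-after-refetch", local_diff
    # The mismatch survives a clean fetch: a reviewer must accept or discard it.
    return "review-required", diff_manifests(recorded, fetched)


def checkout(repo, workdir):
    """Constructed stand-in for pulling a version: reset workdir to repo's files."""
    workdir = Path(workdir)
    for child in list(workdir.iterdir()):
        if child.is_dir():
            shutil.rmtree(child)
        else:
            child.unlink()
    for rel, data in repo.items():
        target = workdir / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo():
    # Constructed sample repository contents, not taken from the patent.
    repo = {"src/app.py": b"print('v1.2.0')\n",
            "build.sh": b"#!/bin/sh\npython src/app.py\n"}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        checkout(repo, tmp)
        recorded = file_manifest(tmp)
        refetch = lambda wd: checkout(repo, wd)
        results["clean"] = precompile_gate(tmp, recorded, refetch)
        # Case 2: the working copy is altered after checkout.
        (Path(tmp) / "src/app.py").write_bytes(b"print('edited locally')\n")
        results["local"] = precompile_gate(tmp, recorded, refetch)
        # Case 3: the repository itself no longer matches the recorded version.
        repo["src/extra.py"] = b"import os\n"
        repo["build.sh"] = b"#!/bin/sh\npython -O src/app.py\n"
        checkout(repo, tmp)
        results["repo"] = precompile_gate(tmp, recorded, refetch)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Hashing the relative path together with each file's digest means a renamed or added file changes the tree digest even when no existing file's bytes change.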
In this embodiment, after the step S4 is executed, a test function acceptance step is executed. Specifically, it is judged whether the product is a large version or a small version. If the product is a large version, a third party test and a third party test audit are performed in sequence, and after both the test and the audit are qualified, the step S4 is executed; if the product is a small version, the step S4 is executed directly. The third party test comprises a penetration test, a black box test, a gray box test, compliance detection, manual source code audit, privacy compliance detection and data security test, and also includes simulating real attack scenarios to test the resistance capability and emergency response of the software. The third party test audit comprises confirming the test content reported by the third party tester and inspecting that content.
The developer uses build scripts that are independent of the source code implementation and must specify fixed environment dependency versions. Specifying fixed environment dependency versions has the following effects when the developer uses build scripts that are independent of the code implementation:
Code repeatability: fixed environment dependency versions ensure consistency of the build process at different times and in different environments. Whenever and wherever a build is performed, the dependency versions used are identical, which ensures code repeatability. This is particularly important for team cooperation, continuous integration, and automated build processes.
Build stability and consistency: by specifying fixed environment dependency versions, a developer can avoid unexpected dependency updates or version conflicts during the build process. The dependency libraries and tools of a particular version have been tested, and their compatibility with the code has been verified. Thus, using fixed environment dependency versions may improve the stability and consistency of the build, reducing build errors or inconsistencies caused by dependency changes.
Avoiding problems caused by environment differences: different environments may have different dependency library and tool versions. If the developer does not specify fixed environment dependency versions, the code may build successfully in one environment but fail in another. By specifying fixed environment dependency versions, developers can reduce build problems caused by environment variability and ensure consistency and portability of the code across environments.
Managing security and vulnerabilities: fixed environment dependency versions may help a developer manage security and vulnerability issues for the software. Specifying a particular version of the dependency libraries and tools may ensure that the software components used by the developer are free of known security vulnerabilities or problems. Meanwhile, when a new security fix version is released, a developer can selectively upgrade the dependency version to address the potential security problem.
In summary, by specifying fixed environment dependency versions, developers can improve the repeatability, stability, and consistency of code builds, reduce problems due to environment variability and dependency changes, and better manage the security and vulnerabilities of the software. This helps to ensure the security and controllability of the full life cycle of the source code.
In this embodiment, the access rights of the personnel roles corresponding to the development environment, the test environment and the operation environment need to be distinguished, and a strict access control policy is implemented in each environment so that only authorized personnel are allowed to access the corresponding environment. A developer has rights to edit, compile and debug source code in the development environment, a tester has rights to perform various testing and verification activities on products in the test environment, and an operation and maintenance person has rights to release and operate the products in the operation environment. Such strict access control policies help to protect sensitive data and source code and reduce unauthorized access and operation.
The invention addresses the security risk that the source code and the product version are inconsistent when an existing application system is released. The release process of the application system is standardized by the single-way management and control method of the source code, which applies management and control measures of the same source code, the same construction environment and the same construction script. This ensures the consistency of the source code version processed in each link of the application system release and avoids tampering with the source code due to human or non-human factors. These management and control measures ensure the consistency of the source code, the construction environment and the construction script throughout software development and release, so that the same and reliable software product is generated.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or apparatus that comprises the element.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (9)

1. The source code management and control method for the tobacco industry enterprise application system is characterized by comprising the following steps of:
step S1, constructing a development environment, a test environment and an operation environment, wherein the development environment, the test environment and the operation environment are provided with a consistent operating system, basic applications, components and middleware;
step S2, a developer completes a development task in a development environment through a Dev branch of a source code warehouse, and submits version information to a relay branch of the source code warehouse after the development is completed, wherein the version information comprises a source code, a document and a product;
step S3, pulling the product and the source code by a security tester through a relay branch in a test environment, performing security test and consistency check on the product and the source code, if the test is not qualified, transferring a development task flow to the developer for secondary development, if the test is qualified, submitting a test product and an approval request to a master branch of a source code warehouse after the test is finished, and simultaneously storing the test product into the test product warehouse;
step S4, pulling a test product through a master branch in a test environment by a security manager, performing version verification on the product and a source code, if the verification is not qualified, transferring a development task flow to the developer for secondary development, if the verification is qualified, passing a verification request, and storing the production product after the verification is finished into a production product warehouse;
step S5, pulling the production products by operation and maintenance personnel through the production product warehouse in the operation environment, deploying and releasing the production products, and finishing the on-line version.
2. The method for managing and controlling source codes of tobacco industry enterprise application systems according to claim 1, wherein a developer compiles source codes after compiling, and the compiling mode is as follows: determining each item in a compiling task, generating an item list according to source codes of each item, wherein the item list comprises item information to be compiled and released, the item information comprises item names and version numbers, dependency relationships of the items in the item list are checked, compiling options are configured, compiling environments are checked, the checked items form a list to be compiled, and the items in the list to be compiled are compiled through the local compiling server to obtain products.
3. The method for managing and controlling source codes of an enterprise application system in tobacco industry according to claim 2, wherein after a developer completes a development task, compliance verification is performed on a document and source codes, the compliance verification on the source codes comprises security verification, integrity verification, privacy protection verification, license compliance verification and standardization verification, and the compliance verification on the document includes document accuracy verification.
4. A method of source code management for a tobacco industry enterprise application according to claim 3, wherein the security audit comprises the steps of: acquiring a source code from a developer in a development environment, judging whether the source code contains a malicious source code or not, and deleting the source code from a software product if the source code exists; and judging that no malicious source code exists, and passing the audit.
5. A method of source code management for a tobacco industry enterprise application according to claim 3, wherein the document compliance audit is followed by a document availability check, the source code compliance audit is followed by a version deployment in the test environment and an installation deployment check, the document availability check including integrity checking, accuracy checking and readability assessment, the installation deployment check including installation checking, deployment testing, functional validation, performance assessment and troubleshooting.
6. The method for managing source codes of tobacco industry enterprise application systems according to claim 2, wherein a developer designates a dependent version in a dependent description file, checks whether a hash value of the source code is consistent with a hash value of a designated release version of a submitted Dev branch before compiling, if not, judges whether the source code is changed, and if not, re-acquires the source code and re-calculates the hash value thereof; if the source code is changed, judging whether the change is correct, if the change is correct and needs to be applied to the Dev branch, updating the Dev branch, merging the change into the source code, and if the change of the source code is wrong or does not need to be applied to the Dev branch, cancelling or discarding the change and compiling.
7. The method for controlling source code of enterprise application system in tobacco industry according to claim 1, wherein after executing the step S4, executing a test function acceptance step, specifically, judging whether the product is a large version or a small version, if the product is a large version, sequentially executing a third party test and a third party test audit, after both the test and the audit are qualified, executing the step S4, if the product is a small version, directly executing the step S4; the third party test comprises a penetration test, a black box test, a gray box test, compliance detection, manual source code audit, privacy compliance detection and data security test, and also comprises simulating real attack scenarios to test the resistance capability and emergency response of the software, and the third party test audit comprises the step of confirming the test content reported by a third party tester and carrying out content inspection.
8. The tobacco industry enterprise application source code management method of claim 1, wherein the developer must specify the determined environment dependent version using a build script that is independent of source code implementation.
9. The method for managing and controlling source codes of enterprise application systems in tobacco industry according to claim 1, wherein access rights of corresponding personnel roles of development environment, test environment and operation environment are distinguished, a strict access control policy is implemented in each environment, only authorized personnel are allowed to access the corresponding environment, wherein the development environment has rights to edit, compile and debug source codes, the test environment has rights to conduct various test and verification activities on products, and the operation environment has rights to release and operate products.
CN202310859538.7A 2023-07-13 2023-07-13 Tobacco industry enterprise application system source code control method Pending CN116880892A (en)

Publications (1)

Publication Number Publication Date
CN116880892A true CN116880892A (en) 2023-10-13

Family

ID=88261657

Legal Events

Date Code Title Description
PB01 Publication