CN117648100B - Application deployment method, device, equipment and storage medium - Google Patents

Application deployment method, device, equipment and storage medium Download PDF

Info

Publication number
CN117648100B
CN117648100B CN202410125315.2A CN202410125315A CN117648100B CN 117648100 B CN117648100 B CN 117648100B CN 202410125315 A CN202410125315 A CN 202410125315A CN 117648100 B CN117648100 B CN 117648100B
Authority
CN
China
Prior art keywords
application
deployed
deployment
qualified
deployment package
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410125315.2A
Other languages
Chinese (zh)
Other versions
CN117648100A (en
Inventor
胡超超
任高锋
王照旗
张敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Shengbang Saiyun Technology Co ltd
Original Assignee
Beijing Shengbang Saiyun Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Shengbang Saiyun Technology Co ltd filed Critical Beijing Shengbang Saiyun Technology Co ltd
Priority to CN202410125315.2A priority Critical patent/CN117648100B/en
Publication of CN117648100A publication Critical patent/CN117648100A/en
Application granted granted Critical
Publication of CN117648100B publication Critical patent/CN117648100B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • G06F8/63Image based installation; Cloning; Build to order

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of computers, and provides an application deployment method, an application deployment device and a storage medium, wherein the application deployment method comprises the following steps: acquiring codes of applications to be deployed; under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, constructing a container mirror image of the application to be deployed according to the code of the application to be deployed; obtaining a deployment package corresponding to the application to be deployed according to the container mirror image of the application to be deployed; and under the condition that the security detection result of the deployment package of the application to be deployed is determined to be qualified and the security test result of the target deployment platform of the application to be deployed is determined to be qualified, the deployment package corresponding to the container mirror image is deployed on the target deployment platform. The invention reduces the error probability in the application deployment process and improves the application deployment efficiency.

Description

Application deployment method, device, equipment and storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to an application deployment method, apparatus, device, and storage medium.
Background
Development of operation (DevOps) is a Development model that is very focused on the communication cooperation between developers and operators.
The development and deployment of the application based on the DevOps development model is mainly to complete the test delivery flow in an automated manner, so that the construction, test and release of software can be performed more quickly, frequently and reliably. And isolation is eliminated by combining development and operation and maintenance practices. However, the development of the application is performed based on the DevOps development model, the code is integrated after the code is submitted in the deployment process, various tests are performed after the integration, when the quality of the combined code is problematic, team members need to be continuously tested, continuously integrated and frequently tested and integrated, the probability of manual errors is increased, and the application deployment efficiency is low.
Disclosure of Invention
The invention provides an application deployment method, an application deployment device, application deployment equipment and a storage medium, which are used for solving the defect of lower application deployment efficiency in the prior art and improving the application deployment efficiency.
In a first aspect, the present invention provides an application deployment method, the method comprising:
acquiring codes of applications to be deployed;
under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, constructing a container mirror image of the application to be deployed according to the code of the application to be deployed;
obtaining a deployment package corresponding to the application to be deployed according to the container mirror image of the application to be deployed;
And under the condition that the safety detection result of the deployment package of the application to be deployed is determined to be qualified and the safety test result of the target deployment platform of the application to be deployed is determined to be qualified, the deployment package corresponding to the container mirror image is deployed on the target deployment platform.
Optionally, under the condition that the security detection result of the code of the application to be deployed is determined to be qualified, constructing a container image of the application to be deployed according to the code of the application to be deployed, including:
Under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, generating a container image file corresponding to the application to be deployed according to the code of the application to be deployed;
Performing security detection on the container mirror image file corresponding to the application to be deployed to obtain a security detection result of the container mirror image file;
under the condition that the safety detection result of the container mirror image file is determined to be qualified, adding label information to the container mirror image file which is detected to be qualified; the label information is used for representing version information of the container image file;
and constructing the container mirror image of the application to be deployed according to the container mirror image file which is qualified in detection.
Optionally, before the deploying package corresponding to the container mirror image is deployed on the target deployment platform to be online under the condition that the security detection result of the deploying package of the application to be deployed is determined to be qualified and the security test result of the target deployment platform of the application to be deployed is determined to be qualified, the method further includes:
Performing security detection on the deployment package of the application to be deployed to obtain a security detection result of the deployment package of the application to be deployed;
Under the condition that the safety detection result of the deployment package of the application to be deployed is determined to be qualified, performing automatic test on the deployment package of the application to be deployed to obtain a test case corresponding to the deployment package of the application to be deployed;
Pushing the deployment package of the application to be deployed and the test case corresponding to the deployment package of the application to be deployed to a version control library; the version control library is used for managing version information of deployment packages of at least one version of application;
and carrying out security test on the deployment environment of the target deployment platform to obtain a security test result of the target deployment platform.
Optionally, when the security detection result of the deployment package of the application to be deployed is determined to be qualified, and the security test result of the target deployment platform of the application to be deployed is determined to be qualified, deploying the deployment package corresponding to the container image on the target deployment platform, including:
determining a consistency result of a message digest MD5 value of a deployment package corresponding to the container mirror image and a message digest MD5 value corresponding to the deployment package in the version control library;
When the consistency result is that the message digest MD5 value of the deployment package corresponding to the container mirror image is consistent with the message digest MD5 value corresponding to the deployment package in the version control library, running the test case corresponding to the deployment package, and determining whether the function of the deployment package is normal according to the running result of the test case corresponding to the deployment package;
Under the condition that the function of the deployment package is normal, determining whether the container image corresponding to the deployment package is safe or not according to the container image corresponding to the deployment package and a preset system critical path;
And under the condition that the container mirror image corresponding to the deployment package is determined to be safe, the deployment package is deployed and online on the target deployment platform.
Optionally, the method further comprises:
and determining whether the container configuration information of the application to be deployed is qualified or not, and obtaining a security detection result of the container configuration information.
Optionally, the method further comprises:
and determining whether the audit configuration information corresponding to the application to be deployed is qualified or not, and obtaining a security detection result of the audit configuration information.
Optionally, the audit configuration information includes one of: audit configuration files, audit configuration parameters, audit network configuration, audit encryption algorithm and security policy configuration, audit log records and alarm rule setting, audit database configuration and audit firewall rule configuration.
In a second aspect, the present invention also provides an application deployment apparatus, the apparatus comprising:
the acquisition module is used for acquiring codes of the application to be deployed;
The construction module is used for constructing a container mirror image of the application to be deployed according to the code of the application to be deployed under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified;
obtaining a deployment package corresponding to the application to be deployed according to the container mirror image of the application to be deployed;
The deployment module is used for deploying the deployment package corresponding to the container mirror image on the target deployment platform to be online under the condition that the security detection result of the deployment package of the application to be deployed is determined to be qualified and the security test result of the target deployment platform of the application to be deployed is determined to be qualified.
In a third aspect, the present invention also provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing any one of the application deployment methods described above when executing the program.
In a fourth aspect, the present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements an application deployment method as described in any of the above.
In a fifth aspect, the invention also provides a computer program product comprising a computer program which, when executed by a processor, implements an application deployment method as described in any of the above.
The invention provides an application deployment method, an application deployment device and a storage medium, wherein codes of an application to be deployed are obtained; then, under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, constructing a container mirror image of the application to be deployed according to the code of the application to be deployed; further, according to the container mirror image of the application to be deployed, a deployment package corresponding to the application to be deployed is obtained; and finally, under the condition that the security detection result of the deployment package of the application to be deployed is determined to be qualified and the security test result of the target deployment platform of the application to be deployed is determined to be qualified, the deployment package corresponding to the container mirror image is deployed on the target deployment platform.
In the method provided by the embodiment of the invention, the container mirror image of the application to be deployed is constructed under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, in addition, under the condition that the safety detection result of the deployment package of the application to be deployed is determined to be qualified and the safety test result of the target deployment platform of the application to be deployed is determined to be qualified, the deployment package corresponding to the container mirror image is deployed on the target deployment platform to be online, the safety test links are added in each link of the application deployment, and the application deployment is performed under the condition that the safety test result is qualified, so that the error probability in the application deployment process is reduced, and the application deployment efficiency is improved.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of an application deployment method provided by the invention;
FIG. 2 is a second flow chart of the application deployment method according to the present invention;
FIG. 3 is a schematic diagram of an application deployment apparatus provided by the present invention;
Fig. 4 is a schematic structural diagram of an electronic device provided by the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The application deployment method, apparatus, device and storage medium of the present invention are described below in conjunction with fig. 1-4.
Fig. 1 is a schematic flow chart of an application deployment method provided by the present invention, as shown in fig. 1, the method includes:
Step 101, acquiring codes of applications to be deployed;
Specifically, in the case where application deployment is required, the code of the application to be deployed needs to be acquired first. For example, code of an application to be deployed is submitted using a code submission tool git, and after receiving the submitted code with a trigger, a specified script is executed for code detection, such as code review, code testing, and so forth.
102, Under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, constructing a container mirror image of the application to be deployed according to the code of the application to be deployed;
Specifically, when the code of the application to be deployed is subjected to security detection, and the result of the security detection is determined to be qualified, a container mirror image of the application to be deployed is constructed according to the code of the application to be deployed, for example, trigger writing is firstly used, a container mirror image file Dockerfile is generated according to the code of the application to be deployed, and then when the container mirror image file Dockerfile is determined to be qualified, a container mirror image is constructed by using a container mirror image construction tool, for example kaniko. kaniko is a tool to build container images from Dockerfile within containers or Kubernetes, which is a container orchestration engine supporting automated deployment, large scale scalability, application containerization management, kaniko executor executor images are responsible for building images from Dockerfile and pushing them to process registry. When an application is deployed in a production environment, multiple instances of the application are typically deployed to load balance application requests.
Step 103, obtaining a deployment package corresponding to the application to be deployed according to the container mirror image of the application to be deployed;
Specifically, after the container mirror image is built, a deployment package corresponding to the application to be deployed can be further obtained according to the container mirror image of the application to be deployed; it will be appreciated that the container image contains at least deployment packages.
Step 104, when the security detection result of the deployment package of the application to be deployed is determined to be qualified and the security test result of the target deployment platform of the application to be deployed is determined to be qualified, deploying the deployment package corresponding to the container mirror image on the target deployment platform.
Specifically, after the deployment package corresponding to the application to be deployed is obtained, security detection can be further performed on the deployment package of the application to be deployed, and under the condition that security of the deployment package is determined, security detection is further performed on the target deployment platform of the application to be deployed, wherein security detection, conventional test, vulnerability scanning and the like can be performed on the target deployment platform on line, and whether the deployment environment is qualified or not is determined. Correspondingly, under the condition that the safety detection result of the deployment package of the application to be deployed is determined to be qualified and the safety test result of the target deployment platform of the application to be deployed is determined to be qualified, the deployment package corresponding to the container mirror image is deployed on the target deployment platform.
In the method provided by the embodiment, the code of the application to be deployed is obtained; then, under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, constructing a container mirror image of the application to be deployed according to the code of the application to be deployed; further, according to the container mirror image of the application to be deployed, a deployment package corresponding to the application to be deployed is obtained; and finally, under the condition that the security detection result of the deployment package of the application to be deployed is determined to be qualified and the security test result of the target deployment platform of the application to be deployed is determined to be qualified, the deployment package corresponding to the container mirror image is deployed on the target deployment platform.
In the method provided by the embodiment of the invention, the container mirror image of the application to be deployed is constructed under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, in addition, under the condition that the safety detection result of the deployment package of the application to be deployed is determined to be qualified and the safety test result of the target deployment platform of the application to be deployed is determined to be qualified, the deployment package corresponding to the container mirror image is deployed on the target deployment platform to be online, the safety test links are added in each link of the application deployment, and the application deployment is performed under the condition that the safety test result is qualified, so that the error probability in the application deployment process is reduced, and the application deployment efficiency is improved.
Optionally, under the condition that the security detection result of the code of the application to be deployed is determined to be qualified, constructing a container mirror image of the application to be deployed according to the code of the application to be deployed, including:
under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, generating a container image file corresponding to the application to be deployed according to the code of the application to be deployed;
Performing security detection on the container mirror image file corresponding to the application to be deployed to obtain a security detection result of the container mirror image file;
Under the condition that the safety detection result of the container image file is determined to be qualified, adding label information to the container image file which is detected to be qualified; the label information is used for representing version information of the container mirror image file;
And constructing a container mirror image of the application to be deployed according to the container mirror image file which is qualified in detection.
Specifically, in some embodiments, step 102 may be implemented by:
Firstly, security detection can be performed on codes of applications to be deployed to obtain security detection results, wherein, for example, code review, code test, quality review, vulnerability scanning and the like are performed on the codes of the applications to be deployed; optionally, a security audit may also be performed in advance on the pipeline that will be used for application deployment.
Further, under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, generating a container image file corresponding to the application to be deployed according to the code of the application to be deployed; for example, after the code performs security detection, triggering and compiling are performed by using a trigger, and a container image file Dockerfile corresponding to the application to be deployed is generated according to the code of the application to be deployed which is qualified by detection.
Further, after the container mirror image file Dockerfile corresponding to the application to be deployed is generated, security detection can be further performed on the container mirror image file corresponding to the application to be deployed, so as to obtain a security detection result of the container mirror image file; specifically, the security detection of the container image file corresponding to the application to be deployed includes at least one of detecting a plaintext password, a private key, attribute configuration when the application is started, access address and port information of a component on which the application depends, and port information or other sensitive information of an application providing services to the outside; it is checked Dockerfile whether the base image used in the base image is a corporate self-grinding environment or a source of images specified in a corporate image repository. Alternatively, security scanning and vulnerability scanning operations may be performed during each of the stages of building, deploying, and operating the container, respectively.
Further, under the condition that the security detection result of the container image file is determined to be qualified, tag information Tag can be added to the container image file which is detected to be qualified, wherein the Tag information is used for representing version information of the container image file.
Further, a container mirror image of the application to be deployed can be constructed according to the container mirror image file which is qualified in detection; for example, a container image of the application to be deployed is built using container image build tool kaniko. Alternatively, modification of version information of the deployment package image may be triggered, and a new deployment package may be generated according to the latest version information.
In the method provided by the embodiment, under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, generating a container mirror image file corresponding to the application to be deployed according to the code of the application to be deployed; further, carrying out security detection on the container mirror image file corresponding to the application to be deployed, and adding version information for representing the container mirror image file to the container mirror image file which is detected to be qualified under the condition that the security detection result of the container mirror image file is determined to be qualified; and finally, constructing a container mirror image of the application to be deployed according to the container mirror image file which is qualified in detection. The error probability of the container mirror image constructed in the embodiment is smaller, and the construction efficiency is higher.
Optionally, before the deployment package corresponding to the container mirror image is deployed on the target deployment platform to be online, if the security detection result of the deployment package of the application to be deployed is determined to be qualified and the security test result of the target deployment platform of the application to be deployed is determined to be qualified, the method further includes:
performing security detection on the deployment package of the application to be deployed to obtain a security detection result of the deployment package of the application to be deployed;
under the condition that the safety detection result of the deployment package of the application to be deployed is determined to be qualified, executing an automatic test on the deployment package of the application to be deployed to obtain a test case corresponding to the deployment package of the application to be deployed;
Pushing a deployment package of the application to be deployed and a test case corresponding to the deployment package of the application to be deployed to a version control library; the version control library is used for managing version information of deployment packages of at least one version of application;
and carrying out security test on the deployment environment of the target deployment platform to obtain a security test result of the target deployment platform.
Specifically, in some embodiments, before deploying the application, the method further comprises: and carrying out version management on the deployment package by using the version control library. In an exemplary embodiment, when it is determined that the security detection result of the deployment package of the application to be deployed is qualified and the security test result of the target deployment platform of the application to be deployed is qualified, before deploying the deployment package corresponding to the container image on the target deployment platform, the method further includes:
Firstly, carrying out security detection on a deployment package of an application to be deployed to obtain a security detection result of the deployment package of the application to be deployed; further, under the condition that the safety detection result of the deployment package of the application to be deployed is determined to be qualified, namely the deployment package is safe, the automatic test is further executed on the deployment package of the application to be deployed, so that a test case corresponding to the deployment package of the application to be deployed can be obtained.
Then, the deployment package of the application to be deployed and the test cases corresponding to the deployment package of the application to be deployed can be pushed to a version control library, and the version control library is used for managing version information of the deployment package of the application of at least one version; the method has the advantages that version information of the application corresponding to each deployment package can be conveniently checked in the subsequent development or operation and maintenance process, and the verification and the like can be performed.
Further, after the deployment package and the test case are pushed to the version control library, before the application corresponding to the deployment package is deployed to the target deployment platform, security test can be performed on the deployment environment of the target deployment platform, so that a security test result of the target deployment platform is obtained, and under the condition that the security of the deployment environment is ensured, the application corresponding to the deployment package is deployed to the target deployment platform. For example, the process of security detection for a target deployment platform is exemplified as follows:
And performing security detection on the target deployment platform from three aspects of security detection, conventional testing and vulnerability scanning, so as to determine whether the deployment environment is qualified. Specifically:
firstly, carrying out safety detection on a target deployment platform planned to be online: for example, checking whether the user account and service passwords on the server are strong, operating system and application vulnerabilities, open network services and ports, security configurations and policies, weak encryption algorithms and protocols, security logs and monitoring;
Secondly, conventional testing is carried out on the target deployment platform planned to be online: for example, malware and virus scanning is performed to determine whether access control and rights management are secure; for another example, by file rights security detecting the container platform configuration of the deployment platform, any one of the unsafe configurations is as follows: kube-apiserver do not enable security authentication policies, kube-apiserver do not close AlwaysAllow and ALWAYSADMIN configurations, etc do not enable data encryption and TLS access authentication, kubelet processes in a single host node do not enable CA authentication, kubelet processes on the host node do not close read-only interfaces, RBAC access is not enabled.
Thirdly, performing vulnerability scanning on the target deployment platform planned to be online: detecting potential loopholes in an operating system, such as buffer overflow, permission improvement and the like; for another example, the open ports and service types of the network devices are detected, the configuration files of the application programs are checked, such as database connection information, user rights, etc. When the unsafe configuration exists in the container platform configuration of the deployment platform, the target deployment platform configuration can be judged to be unsafe, and potential safety risks exist.
In the method provided by the embodiment, firstly, security detection is performed on a deployment package of an application to be deployed to obtain a security detection result of the deployment package of the application to be deployed; under the condition that the safety detection result of the deployment package of the application to be deployed is determined to be qualified, executing an automatic test on the deployment package of the application to be deployed to obtain a test case corresponding to the deployment package of the application to be deployed; then, pushing a deployment package of the application to be deployed and a test case corresponding to the deployment package of the application to be deployed to a version control library; the version control library is used for managing version information of deployment packages of at least one version of application; and then, carrying out security test on the deployment environment of the target deployment platform before deployment to obtain a security test result of the target deployment platform. The error probability of application deployment in the method provided by the embodiment is greatly reduced, and the efficiency of application deployment is higher.
Optionally, when the security detection result of the deployment package of the application to be deployed is determined to be qualified and the security test result of the target deployment platform of the application to be deployed is determined to be qualified, deploying the deployment package corresponding to the container image on the target deployment platform, including:
determining a consistency result of a message digest MD5 value of a deployment package corresponding to the container mirror image and a message digest MD5 value corresponding to the deployment package in a version control library;
Under the condition that the consistency result is that the message digest MD5 value of the deployment package corresponding to the container mirror image is consistent with the message digest MD5 value of the deployment package corresponding to the version control library, running the test case corresponding to the deployment package, and determining whether the function of the deployment package is normal according to the running result of the test case corresponding to the deployment package;
Under the condition that the function of the deployment package is normal, determining whether the container image corresponding to the deployment package is safe or not according to the container image corresponding to the deployment package and a preset system critical path;
and under the condition that the container mirror image corresponding to the deployment package is determined to be safe, the deployment package is deployed on the target deployment platform.
Specifically, in some embodiments, step 104 may be implemented by:
First, it is determined whether the deployment package functions normally: for example, firstly, determining a consistency result of a Message Digest MD5 value of a deployment package corresponding to a container mirror image and a Message Digest MD5 value corresponding to a version control library, namely judging whether the MD5 value of the deployment package is consistent with a normal version control library, wherein the MD5 value is obtained through an MD5 Algorithm, and MD5 is Message-Digest algorism 5 (information-Digest Algorithm 5) for ensuring complete consistency of information transmission, which is one of hash algorithms (further Digest Algorithm and hash Algorithm) widely used by computers, and the main stream programming language is commonly implemented by MD 5. The data (e.g. Chinese characters) is calculated into another fixed length value, which is the basic principle of the hash algorithm. Further, under the condition that the consistency result is determined that the message digest MD5 value of the deployment package corresponding to the container mirror image is consistent with the message digest MD5 value of the deployment package corresponding to the version control library, the test case corresponding to the deployment package is operated, so that whether the function of the deployment package is normal is determined according to the operation result of the test case corresponding to the deployment package.
Further, under the condition that the function of the deployment package is normal, determining whether the container image corresponding to the deployment package is safe or not according to the container image corresponding to the deployment package and a preset system critical path; for example, check if a run-state container image that is on-line for deployment mounts a system critical path that includes: judging that the container mirror image corresponding to the deployment package is unsafe when the container mirror image is mounted with the system critical path; and checking the file consistency under the appointed directory of the basic mirror image, and judging that the container mirror image corresponding to the deployment package is unsafe when the file consistency of the critical path of the mirror image system in the basic base image path is not consistent. Optionally, it is also possible to check whether the ID of the user to which the process of the container in the running state belongs is root, and when the ID of the user to which the process belongs is root, determine that the container is unsafe; the source of the image is checked to ensure that the image is obtained from a trusted source, such as an official repository or a known trusted third party repository.
Further, under the condition that the container mirror image corresponding to the deployment package is determined to be safe, the deployment package is deployed and online on the target deployment platform.
In the method provided by the embodiment, the consistency result of the message digest MD5 value of the deployment package corresponding to the container mirror image and the message digest MD5 value corresponding to the deployment package in the version control library is determined; under the condition that the consistency result is consistent, running the test cases corresponding to the deployment package, thereby determining whether the functions of the deployment package are normal; under the condition that the function of the deployment package is normal, determining whether the container image corresponding to the deployment package is safe or not according to the container image corresponding to the deployment package and a preset system critical path; and under the condition that the container mirror image corresponding to the deployment package is determined to be safe, the deployment package is deployed on the target deployment platform. The application deployment method provided by the embodiment has higher safety performance.
Optionally, the method further comprises:
And determining whether the container configuration information of the application to be deployed is qualified or not, and obtaining a security detection result of the container configuration information.
Specifically, in some embodiments, after the application is deployed to the target platform and before the application enters the operation and maintenance, the security detection may be further performed on the container configuration information where the application to be deployed is located, so as to obtain a security detection result of the container configuration information, thereby determining whether the container configuration information is qualified. Where the container is configured as Pod, it will be appreciated that Pod Pods provides two shared resources: network and storage. Pod can be used as a carrier of 1 or more Docker containers, one Pod encapsulates one application container (there can also be multiple containers), pod is the smallest/simplest basic unit of Kubernetes creation or deployment, and one Pod represents one process running on a cluster. Each Pod will be assigned a separate IP address and each container in the Pod shares a network namespace including an IP address and network port. The containers within the Pod may communicate with each other using a local host localhost.
Illustratively, determining whether container configuration information of an application to be deployed is qualified, for example, detecting sensitive information stored in a plaintext in Pod configuration, such as database passwords, application Programming Interface (API) keys and the like, and when sensitive information exists in a Pod configuration file, determining that the current Pod is unsafe; if unnecessary network ports are opened in the Pod configuration or network strategies are not properly configured, judging that the current Pod is unsafe; if unsafe volume mounting mode is used in Pod configuration, if host path hostPath volume type is used, hostPath volume refers to a container for mounting files or catalogs on Node local file system (Node where Pod is located) into Pod, then determining Pod is unsafe; if the secure transport layer protocol (Transport Layer Security Protocol, TLS) or other encryption protocol is not enabled in the Pod configuration to protect network communications, then the Pod is determined to be unsafe; using an unsafe container image in the Pod configuration, such as from an untrusted source or an unverified image, determining that the Pod is unsafe; lack of an appropriate access control mechanism in the Pod configuration, such as lack of Role-Based Access Control (RBAC) or network policy, determines that the Pod is not secure; it is checked whether the Pod has enabled the appropriate logging and monitoring mechanism and if Pod has not enabled logging or monitoring, it is determined that Pod is not secure.
In the method provided by the embodiment, whether the container configuration information of the application to be deployed is qualified or not is determined, and the security detection result of the container configuration information is obtained, so that the probability of application deployment errors can be reduced.
Optionally, the method further comprises:
And determining whether the audit configuration information corresponding to the application to be deployed is qualified or not, and obtaining a security detection result of the audit configuration information.
Specifically, in some embodiments, after the application is deployed to the target platform and before the application enters the operation and maintenance link, security detection may be further performed on the audit configuration information where the application to be deployed is located, so as to obtain a security detection result of the audit configuration information, so that whether the audit configuration information corresponding to the application to be deployed is qualified or not is determined.
Optionally, the audit configuration information includes one of: audit configuration files, audit configuration parameters, audit network configuration, audit encryption algorithm and security policy configuration, audit log records and alarm rule setting, audit database configuration and audit firewall rule configuration.
Specifically, in some embodiments, the audit configuration information includes one of: audit configuration files, audit configuration parameters, audit network configuration, audit encryption algorithm and security policy configuration, audit log records and alarm rule setting, audit database configuration and audit firewall rule configuration.
Illustratively, the process of detecting audit configuration information is, for example, checking whether the audit profile is complete and has not been modified or tampered with; checking whether the audit configuration parameters meet the best practices, security requirements and policy specifications of the organization; checking the audit access control list (Access Control List, ACL), rights and role settings to ensure that only authorized users or systems can access and modify the configuration information; checking audit network configuration, including port and protocol settings, ensuring that only necessary ports are opened and unsafe protocols are disabled; checking configuration of audit encryption algorithm, certificate and security policy, and ensuring proper protection of data in the transmission and storage processes; checking the setting of audit log records, the configuration of monitoring indexes and the setting of alarm rules, and ensuring that the system can timely discover and respond to abnormal conditions; checking the configuration of audit database connection, data backup and recovery strategies, and ensuring the safety and reliability of data; checking configuration of audit firewall rules, intrusion detection and defense systems (IDS/IPS), and ensuring that network security equipment can effectively defend attacks; checking configuration and application conditions of audit security update and patch, and ensuring that the system is updated in time to repair known vulnerabilities; and checking the record and approval flow of the audit configuration change, and ensuring the traceability and compliance of the configuration change. And if the indexes related to the audit configuration information meet the requirements, judging that the audit is qualified, and transferring the maintenance link.
In the method provided by the embodiment, after the application is deployed on line, whether the audit configuration information corresponding to the application to be deployed is qualified or not can be further determined, a security detection result of the audit configuration information is obtained, the application is transferred to a maintenance link under the condition that the audit is qualified, security detection is added in the whole application deployment flow in the embodiment, the whole flow can be safely controlled, error probability risks caused by manual operation are reduced in the deployment process of the standard flow, and the standard is provided for the standard operation.
Fig. 2 is a second flowchart of an application deployment method provided by the present invention, as shown in fig. 2, the method includes:
Firstly, submitting codes to a pipeline of application deployment, and then testing the codes, such as code review, code test, quality review, vulnerability scanning and security audit on the pipeline;
Then, under the condition that the code safety test is confirmed to be qualified, constructing a container mirror image; detecting whether the container mirror image is safe or not; under the condition of safe container mirror image, constructing an updated container mirror image;
Further, after the container mirror image is built, deployment or deployment after upgrading can be directly carried out, specifically, whether a deployment package is safe or not is detected, and under the condition that the deployment package is safe, automatic test is carried out on the deployment package to generate a test case; further, pushing the deployment package and the test cases to a version control library; alternatively, the deployment package may be pushed directly into the version control library for archiving;
further, after the automation test, safety detection is performed on the deployment platform, for example, whether the deployment platform passes conventional function tests, vulnerability scans, safety tests and the like is detected, so that whether the deployment platform is qualified is determined;
further, under the condition that the deployment platform is qualified, version deployment of the application to be deployed is online;
Further, audit configuration detection can be performed after online deployment, and an operation and maintenance link is entered under the condition that audit configuration safety is determined.
The application deployment device provided by the invention is described below, and the application deployment device described below and the application deployment method described above can be referred to correspondingly.
Fig. 3 is a schematic structural diagram of an application deployment apparatus 300 provided in the present invention, as shown in fig. 3, the apparatus includes:
an acquiring module 310, configured to acquire a code of an application to be deployed;
a construction module 320, configured to construct a container image of the application to be deployed according to the code of the application to be deployed if the security detection result of the code of the application to be deployed is determined to be qualified;
obtaining a deployment package corresponding to the application to be deployed according to the container mirror image of the application to be deployed;
the deployment module 330 is configured to, when it is determined that the security detection result of the deployment package of the application to be deployed is qualified and the security test result of the target deployment platform of the application to be deployed is qualified, perform deployment on-line on the target deployment platform by using the deployment package corresponding to the container image.
In the device provided in this embodiment, the code of the application to be deployed is acquired through the acquisition module 310; then, the construction module 320 constructs a container image of the application to be deployed according to the code of the application to be deployed under the condition that the security detection result of the code of the application to be deployed is determined to be qualified; further, according to the container mirror image of the application to be deployed, a deployment package corresponding to the application to be deployed is obtained; finally, the deployment module 330 deploys the deployment package corresponding to the container image on the target deployment platform when the security detection result of the deployment package of the application to be deployed is determined to be qualified and the security test result of the target deployment platform of the application to be deployed is determined to be qualified.
In the device provided by the embodiment of the invention, the container mirror image of the application to be deployed is constructed under the condition that the safety detection result of the code of the application to be deployed is qualified, in addition, under the condition that the safety detection result of the deployment package of the application to be deployed is qualified and the safety test result of the target deployment platform of the application to be deployed is qualified, the deployment package corresponding to the container mirror image is deployed on the target deployment platform to be online, the safety test links are added in each link of the application deployment, and the application deployment is performed under the condition that the safety test result is qualified, so that the error probability in the application deployment process is reduced, and the application deployment efficiency is improved.
Optionally, the construction module 320 is specifically configured to:
Under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, generating a container image file corresponding to the application to be deployed according to the code of the application to be deployed;
Performing security detection on the container mirror image file corresponding to the application to be deployed to obtain a security detection result of the container mirror image file;
under the condition that the safety detection result of the container mirror image file is determined to be qualified, adding label information to the container mirror image file which is detected to be qualified; the label information is used for representing version information of the container image file;
and constructing the container mirror image of the application to be deployed according to the container mirror image file which is qualified in detection.
Optionally, the apparatus further comprises a version control module;
The version control module is used for:
Performing security detection on the deployment package of the application to be deployed to obtain a security detection result of the deployment package of the application to be deployed;
Under the condition that the safety detection result of the deployment package of the application to be deployed is determined to be qualified, performing automatic test on the deployment package of the application to be deployed to obtain a test case corresponding to the deployment package of the application to be deployed;
Pushing the deployment package of the application to be deployed and the test case corresponding to the deployment package of the application to be deployed to a version control library; the version control library is used for managing version information of deployment packages of at least one version of application;
and carrying out security test on the deployment environment of the target deployment platform to obtain a security test result of the target deployment platform.
Optionally, the deployment module 330 is specifically configured to:
determining a consistency result of a message digest MD5 value of a deployment package corresponding to the container mirror image and a message digest MD5 value corresponding to the deployment package in the version control library;
When the consistency result is that the message digest MD5 value of the deployment package corresponding to the container mirror image is consistent with the message digest MD5 value corresponding to the deployment package in the version control library, running the test case corresponding to the deployment package, and determining whether the function of the deployment package is normal according to the running result of the test case corresponding to the deployment package;
Under the condition that the function of the deployment package is normal, determining whether the container image corresponding to the deployment package is safe or not according to the container image corresponding to the deployment package and a preset system critical path;
And under the condition that the container mirror image corresponding to the deployment package is determined to be safe, the deployment package is deployed and online on the target deployment platform.
Optionally, the apparatus further comprises a configuration detection module;
the configuration detection module is used for:
and determining whether the container configuration information of the application to be deployed is qualified or not, and obtaining a security detection result of the container configuration information.
Optionally, the configuration detection module is further configured to:
and determining whether the audit configuration information corresponding to the application to be deployed is qualified or not, and obtaining a security detection result of the audit configuration information.
Optionally, the audit configuration information includes one of: audit configuration files, audit configuration parameters, audit network configuration, audit encryption algorithm and security policy configuration, audit log records and alarm rule setting, audit database configuration and audit firewall rule configuration.
Fig. 4 illustrates a physical schematic diagram of an electronic device, as shown in fig. 4, which may include: processor 410, communication interface (Communications Interface) 420, memory 430, and communication bus 440, wherein processor 410, communication interface 420, and memory 430 communicate with each other via communication bus 440. The processor 410 may invoke logic instructions in the memory 430 to perform an application deployment method comprising:
acquiring codes of applications to be deployed;
under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, constructing a container mirror image of the application to be deployed according to the code of the application to be deployed;
obtaining a deployment package corresponding to the application to be deployed according to the container mirror image of the application to be deployed;
And under the condition that the safety detection result of the deployment package of the application to be deployed is determined to be qualified and the safety test result of the target deployment platform of the application to be deployed is determined to be qualified, the deployment package corresponding to the container mirror image is deployed on the target deployment platform.
Further, the logic instructions in the memory 430 described above may be implemented in the form of software functional units and may be stored in a computer-readable storage medium when sold or used as a stand-alone product. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a usb disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
In another aspect, the present invention also provides a computer program product, the computer program product comprising a computer program, the computer program being storable on a non-transitory computer readable storage medium, the computer program, when executed by a processor, being capable of executing the application deployment method provided by the methods described above, the method comprising:
acquiring codes of applications to be deployed;
under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, constructing a container mirror image of the application to be deployed according to the code of the application to be deployed;
obtaining a deployment package corresponding to the application to be deployed according to the container mirror image of the application to be deployed;
And under the condition that the safety detection result of the deployment package of the application to be deployed is determined to be qualified and the safety test result of the target deployment platform of the application to be deployed is determined to be qualified, the deployment package corresponding to the container mirror image is deployed on the target deployment platform.
In yet another aspect, the present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, is implemented to perform the application deployment method provided by the above methods, the method comprising:
acquiring codes of applications to be deployed;
under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, constructing a container mirror image of the application to be deployed according to the code of the application to be deployed;
obtaining a deployment package corresponding to the application to be deployed according to the container mirror image of the application to be deployed;
And under the condition that the safety detection result of the deployment package of the application to be deployed is determined to be qualified and the safety test result of the target deployment platform of the application to be deployed is determined to be qualified, the deployment package corresponding to the container mirror image is deployed on the target deployment platform.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (7)

1. An application deployment method, comprising:
acquiring codes of applications to be deployed;
Performing security audit on a pipeline for application deployment to obtain a security audit result of the pipeline;
Under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, and under the condition that the safety audit result of the assembly line is determined to be qualified, constructing a container mirror image of the application to be deployed according to the code of the application to be deployed;
obtaining a deployment package corresponding to the application to be deployed according to the container mirror image of the application to be deployed;
Performing security detection on the deployment package of the application to be deployed to obtain a security detection result of the deployment package of the application to be deployed;
Under the condition that the safety detection result of the deployment package of the application to be deployed is determined to be qualified, performing automatic test on the deployment package of the application to be deployed to obtain a test case corresponding to the deployment package of the application to be deployed;
Pushing the deployment package of the application to be deployed and the test case corresponding to the deployment package of the application to be deployed to a version control library; the version control library is used for managing version information of deployment packages of at least one version of application;
performing security test on a deployment environment of a target deployment platform to obtain a security test result of the target deployment platform;
when the security detection result of the deployment package of the application to be deployed is determined to be qualified and the security test result of the target deployment platform of the application to be deployed is determined to be qualified, deploying the deployment package corresponding to the container mirror image on the target deployment platform;
Under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, and under the condition that the safety audit result of the pipeline is determined to be qualified, constructing a container mirror image of the application to be deployed according to the code of the application to be deployed, including:
Under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, generating a container image file corresponding to the application to be deployed according to the code of the application to be deployed;
Performing security detection on the container mirror image file corresponding to the application to be deployed to obtain a security detection result of the container mirror image file;
under the condition that the safety detection result of the container mirror image file is determined to be qualified, adding label information to the container mirror image file which is detected to be qualified; the label information is used for representing version information of the container image file;
constructing a container mirror image of the application to be deployed according to the container mirror image file which is qualified in detection;
and when the security detection result of the deployment package of the application to be deployed is determined to be qualified and the security test result of the target deployment platform of the application to be deployed is determined to be qualified, deploying the deployment package corresponding to the container image on the target deployment platform, including:
determining a consistency result of a message digest MD5 value of a deployment package corresponding to the container mirror image and a message digest MD5 value corresponding to the deployment package in the version control library;
When the consistency result is that the message digest MD5 value of the deployment package corresponding to the container mirror image is consistent with the message digest MD5 value corresponding to the deployment package in the version control library, running the test case corresponding to the deployment package, and determining whether the function of the deployment package is normal according to the running result of the test case corresponding to the deployment package;
Under the condition that the function of the deployment package is normal, determining whether the container image corresponding to the deployment package is safe or not according to the container image corresponding to the deployment package and a preset system critical path;
And under the condition that the container mirror image corresponding to the deployment package is determined to be safe, the deployment package is deployed and online on the target deployment platform.
2. The application deployment method of claim 1, wherein the method further comprises:
and determining whether the container configuration information of the application to be deployed is qualified or not, and obtaining a security detection result of the container configuration information.
3. The application deployment method of claim 1, wherein the method further comprises:
and determining whether the audit configuration information corresponding to the application to be deployed is qualified or not, and obtaining a security detection result of the audit configuration information.
4. The application deployment method of claim 3 wherein the audit configuration information comprises one of: audit configuration files, audit configuration parameters, audit network configuration, audit encryption algorithm and security policy configuration, audit log records and alarm rule setting, audit database configuration and audit firewall rule configuration.
5. An application deployment apparatus, comprising:
the acquisition module is used for acquiring codes of the application to be deployed;
The construction module is used for carrying out security audit on a pipeline for application deployment to obtain a security audit result of the pipeline;
Under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, and under the condition that the safety audit result of the assembly line is determined to be qualified, constructing a container mirror image of the application to be deployed according to the code of the application to be deployed;
obtaining a deployment package corresponding to the application to be deployed according to the container mirror image of the application to be deployed;
the deployment module is used for carrying out security detection on the deployment package of the application to be deployed to obtain a security detection result of the deployment package of the application to be deployed;
Under the condition that the safety detection result of the deployment package of the application to be deployed is determined to be qualified, performing automatic test on the deployment package of the application to be deployed to obtain a test case corresponding to the deployment package of the application to be deployed;
Pushing the deployment package of the application to be deployed and the test case corresponding to the deployment package of the application to be deployed to a version control library; the version control library is used for managing version information of deployment packages of at least one version of application;
performing security test on a deployment environment of a target deployment platform to obtain a security test result of the target deployment platform;
when the security detection result of the deployment package of the application to be deployed is determined to be qualified and the security test result of the target deployment platform of the application to be deployed is determined to be qualified, deploying the deployment package corresponding to the container mirror image on the target deployment platform;
The construction module is specifically configured to:
Under the condition that the safety detection result of the code of the application to be deployed is determined to be qualified, generating a container image file corresponding to the application to be deployed according to the code of the application to be deployed;
Performing security detection on the container mirror image file corresponding to the application to be deployed to obtain a security detection result of the container mirror image file;
under the condition that the safety detection result of the container mirror image file is determined to be qualified, adding label information to the container mirror image file which is detected to be qualified; the label information is used for representing version information of the container image file;
constructing a container mirror image of the application to be deployed according to the container mirror image file which is qualified in detection;
The deployment module is specifically configured to:
determining a consistency result of a message digest MD5 value of a deployment package corresponding to the container mirror image and a message digest MD5 value corresponding to the deployment package in the version control library;
When the consistency result is that the message digest MD5 value of the deployment package corresponding to the container mirror image is consistent with the message digest MD5 value corresponding to the deployment package in the version control library, running the test case corresponding to the deployment package, and determining whether the function of the deployment package is normal according to the running result of the test case corresponding to the deployment package;
Under the condition that the function of the deployment package is normal, determining whether the container image corresponding to the deployment package is safe or not according to the container image corresponding to the deployment package and a preset system critical path;
And under the condition that the container mirror image corresponding to the deployment package is determined to be safe, the deployment package is deployed and online on the target deployment platform.
6. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the application deployment method of any of claims 1 to 4 when the program is executed by the processor.
7. A non-transitory computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the application deployment method according to any one of claims 1 to 4.
CN202410125315.2A 2024-01-30 2024-01-30 Application deployment method, device, equipment and storage medium Active CN117648100B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410125315.2A CN117648100B (en) 2024-01-30 2024-01-30 Application deployment method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410125315.2A CN117648100B (en) 2024-01-30 2024-01-30 Application deployment method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN117648100A CN117648100A (en) 2024-03-05
CN117648100B true CN117648100B (en) 2024-04-30

Family

ID=90048171

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410125315.2A Active CN117648100B (en) 2024-01-30 2024-01-30 Application deployment method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117648100B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108958927A (en) * 2018-05-31 2018-12-07 康键信息技术(深圳)有限公司 Dispositions method, device, computer equipment and the storage medium of container application
WO2021035553A1 (en) * 2019-08-27 2021-03-04 西门子股份公司 Application program development and deployment method and apparatus, and computer readable medium
CN114995835A (en) * 2022-05-27 2022-09-02 珠海格力电器股份有限公司 Application automation deployment method, system, equipment and readable storage medium

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108958927A (en) * 2018-05-31 2018-12-07 康键信息技术(深圳)有限公司 Dispositions method, device, computer equipment and the storage medium of container application
WO2021035553A1 (en) * 2019-08-27 2021-03-04 西门子股份公司 Application program development and deployment method and apparatus, and computer readable medium
CN114995835A (en) * 2022-05-27 2022-09-02 珠海格力电器股份有限公司 Application automation deployment method, system, equipment and readable storage medium

Also Published As

Publication number Publication date
CN117648100A (en) 2024-03-05

Similar Documents

Publication Publication Date Title
US9467465B2 (en) Systems and methods of risk based rules for application control
US10402577B2 (en) Apparatus and method for device whitelisting and blacklisting to override protections for allowed media at nodes of a protected system
AU2019246773B2 (en) Systems and methods of risk based rules for application control
US10853488B2 (en) System and method for a security filewall system for protection of an information handling system
US10614219B2 (en) Apparatus and method for locking and unlocking removable media for use inside and outside protected systems
RU2680736C1 (en) Malware files in network traffic detection server and method
CN113660224B (en) Situation awareness defense method, device and system based on network vulnerability scanning
US20140201843A1 (en) Systems and methods for identifying and reporting application and file vulnerabilities
CN113704767A (en) Vulnerability scanning engine and vulnerability worksheet management fused vulnerability management system
US10812517B2 (en) System and method for bridging cyber-security threat intelligence into a protected system using secure media
US10990671B2 (en) System and method for implementing secure media exchange on a single board computer
CN112653655A (en) Automobile safety communication control method and device, computer equipment and storage medium
WO2021121382A1 (en) Security management of an autonomous vehicle
US20230319112A1 (en) Admission control in a containerized computing environment
Feng et al. Defense-in-depth security strategy in LOG4J vulnerability analysis
Gu et al. Continuous intrusion: Characterizing the security of continuous integration services
CN117494144A (en) Cloud platform-based safety environment protection method
CN113422776A (en) Active defense method and system for information network security
CN113922975A (en) Security control method, server, terminal, system and storage medium
CN117648100B (en) Application deployment method, device, equipment and storage medium
CN106856477B (en) Threat processing method and device based on local area network
CN114329444A (en) System safety improving method and device
US10972469B2 (en) Protecting critical data and application execution from brute force attacks
JP6950304B2 (en) How to match secure elements, computer programs, devices, servers and file information
CN113824678A (en) System and method for processing information security events to detect network attacks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant