Security Scorecards: What is it and what's new in its new version 2.0?

A few days ago, a new version 2.0 of the open source project called "Security Scorecards" was released; it is a project started in November 2020 by Google and the Open Source Security Foundation (OpenSSF).

For this reason, in this article we will take a brief look at this project and its new version 2.0, which now comes with expanded checks and the ability to exploit the data it generates for further analysis.

OpenSSF

And since this project is overseen by the OpenSSF, we leave here our earlier post related to it, so that those interested in learning more about said Foundation can find it easily if they need to:

"The Linux Foundation has announced the formation of a new project called "OpenSSF" (Open Source Security Foundation), whose main objective is to bring together the work of industry leaders in the field of open source software security. Thus, the OpenSSF will continue to develop initiatives such as the Core Infrastructure Initiative and the Open Source Security Coalition, and will bring together other security-related work being carried out by the companies associated with this project." OpenSSF: a project focused on improving the security of open source software


Security Scorecards

What is Security Scorecards?

According to the official Google Open Source announcement, the project is described as follows:

""Security Scorecards" is one of the first projects released under the OpenSSF umbrella since its founding in August 2020. Its goal is to auto-generate "security scores" for open source projects, to help users decide on the trust, risk and security posture for their use case.

Security Scorecards defines an initial set of evaluation criteria that is used to generate a scorecard for open source projects in a fully automated way. Every check on the scorecard is actionable. Some of the evaluation metrics used include a well-defined security policy, a code review process, and continuous test coverage with fuzzing and static code analysis tools. A boolean is returned, together with a confidence score, for each security check.

Over time, Google will be improving these metrics with community contributions through the OpenSSF." Security scorecards for open source projects

How does Security Scorecards work?

According to the OpenSSF, "Security Scorecards" works as follows:

It generates a scorecard for open source projects in a fully automated way. Although the code currently works only with GitHub software repositories, its extension to other source code repositories is in the pipeline. Furthermore, some of the evaluation metrics used include a well-defined security policy, a code review process, and continuous test coverage with fuzzing tools and static code analysis.

In addition, it periodically evaluates the most critical open source projects and exposes the check data through a public BigQuery database that is updated weekly. This data can also be used to augment any automated decision-making when new open source dependencies are introduced into projects or organizations.

Thus, organizations can choose to set a policy that any new dependency with a low score must go through additional review. In this way, these checks can help reduce the risk of malicious dependencies being introduced into build systems.
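The mechanism described above, a boolean plus a confidence score per check, rolled up into one score that an organization can gate new dependencies on, as an added example that is not code from the Scorecards project: the three repositories, their file layouts and PR history, and the heuristics behind each check are constructed assumptions made for this illustration, not the project's real checks or data model.

```python
"""Scorecard-style automated checks, as an added illustration.

Not code from the Security Scorecards project. It mimics the mechanism the
text describes: every check yields a boolean plus a confidence score, the
per-check results roll up into one number, and an organisation-wide
threshold decides whether a new dependency needs extra human review.
"""
from dataclasses import dataclass
from posixpath import basename
from typing import Callable, Dict, List


@dataclass(frozen=True)
class CheckResult:
    name: str
    passed: bool
    confidence: int  # 0 = no evidence either way, 10 = certain


# Constructed metadata for three hypothetical repositories. Real tooling
# would fetch this through the GitHub API; here it is embedded so the
# example runs offline.
SAMPLE_REPOS: Dict[str, dict] = {
    "example/well-run-lib": {
        "files": ["README.md", "SECURITY.md", ".github/workflows/ci.yml",
                  ".github/workflows/codeql.yml", ".clusterfuzzlite/build.sh"],
        "recent_prs": [{"author": "alice", "reviewers": ["bob"]}] * 5,
    },
    "example/mid-lib": {
        "files": ["README.md", "SECURITY.md", ".github/workflows/ci.yml"],
        "recent_prs": [{"author": "carol", "reviewers": ["dave"]}] * 3,
    },
    "example/neglected-lib": {
        "files": ["README.md", "Makefile"],
        "recent_prs": [{"author": "eve", "reviewers": []},
                       {"author": "eve", "reviewers": ["eve"]}],
    },
}


def check_security_policy(meta: dict) -> CheckResult:
    # A SECURITY.md is either there or not, so the verdict is certain either way.
    found = any(basename(p).lower() == "security.md" for p in meta["files"])
    return CheckResult("security-policy", found, 10)


def check_code_review(meta: dict) -> CheckResult:
    # Pass only if every recent PR was reviewed by someone other than its author.
    # Confidence grows with the number of PRs inspected (2 points each, capped at 10).
    prs: List[dict] = meta["recent_prs"]
    if not prs:
        return CheckResult("code-review", False, 0)
    reviewed = sum(1 for pr in prs if any(r != pr["author"] for r in pr["reviewers"]))
    return CheckResult("code-review", reviewed == len(prs), min(10, 2 * len(prs)))


def check_fuzzing(meta: dict) -> CheckResult:
    # Heuristic (assumption): a fuzzing harness directory in the tree. Absence is
    # weaker evidence than presence, since fuzzing may run out of tree.
    found = any("fuzz" in p.lower() for p in meta["files"])
    return CheckResult("fuzzing", found, 10 if found else 7)


def check_static_analysis(meta: dict) -> CheckResult:
    # Heuristic (assumption): a CI workflow file whose name names a SAST tool.
    found = any(("codeql" in p.lower() or "sast" in p.lower()) and "workflows" in p
                for p in meta["files"])
    return CheckResult("static-analysis", found, 10 if found else 7)


CHECKS: List[Callable[[dict], CheckResult]] = [
    check_security_policy, check_code_review, check_fuzzing, check_static_analysis,
]


def run_checks(meta: dict) -> List[CheckResult]:
    return [check(meta) for check in CHECKS]


def aggregate_score(results: List[CheckResult]) -> float:
    """Confidence-weighted share of passing checks, scaled to 0..10."""
    total = sum(r.confidence for r in results)
    if total == 0:
        return 0.0
    return round(10 * sum(r.confidence for r in results if r.passed) / total, 1)


def needs_extra_review(repo: str, threshold: float = 7.0) -> bool:
    """Policy gate: a new dependency scoring below the threshold is flagged."""
    return aggregate_score(run_checks(SAMPLE_REPOS[repo])) < threshold


if __name__ == "__main__":
    for repo in SAMPLE_REPOS:
        results = run_checks(SAMPLE_REPOS[repo])
        print(f"{repo}: score={aggregate_score(results)} review={needs_extra_review(repo)}")
        for r in results:
            print(f"  {r.name:16} passed={r.passed!s:5} confidence={r.confidence}")
```

The confidence value matters for the roll-up: a failed check backed by little evidence (two PRs, no fuzzing directory) pulls the score down less than one backed by strong evidence, which is what lets the gate distinguish a genuinely neglected project from one that simply has a short history.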

To learn more about this from its source (OpenSSF), you can check the following link.

What's new in version 2.0

This new version 2.0, recently released by Google, will provide a complete framework called "Supply-chain Levels for Software Artifacts" (SLSA), which seeks to ensure the integrity of software artifacts and prevent unauthorized modifications during their development and execution.

And, in summary, it incorporates the following new features:

  1. Improved identification of potential risks.
  2. Stronger protection against malicious supply-chain contributions, by requiring third-party code review before execution.
  3. Detection of vulnerable code through static code testing and continuous fuzzing.
  4. Improved visibility into vulnerable dependencies, to reduce potential security risks and allow more appropriate decisions on how to mitigate them.

To learn more about the additions currently available or in progress, you can check the following link.

Summary

We hope this "useful little post" about "Security Scorecards", a project started by Google and the Open Source Security Foundation, which has just released a new version 2.0 that improves the checks and the ability to exploit the generated data for later analysis, is of great interest and use to the entire "Free Software and Open Source Community", and a great contribution to the spread of the wonderful, huge and growing ecosystem of "GNU/Linux" applications.
