Zimbalwa izinsuku ezedlule I-Google yethule iphrojekthi entsha umthombo ovulekile, onegama elithi «UVanir» ebekwe njengeI-Static code analyzer eklanyelwe ukukhomba ubungozi kumaphrojekthi wesofthiwe, ikakhulukazi lawo angakalungiswa ngamapheshana.
Isebenza kanjani iVanir isekelwe kusizindalwazi sesiginesha equkethe ulwazi mayelana nokuba sengozini okwaziwayo namapeshi ahambisanayo, okuvumela ukuqhathanisa ikhodi yomthombo nezilungiso ezisetshenzisiwe ukuze kutholwe ukwephulwa kokuphepha okungenzeka.
Ngokwenza i-Vanir ibe umthombo ovulekile, umgomo wethu ukuvumela umphakathi wezokuvikela obanzi ukuthi unikele futhi uzuze kuleli thuluzi, okuvumela ukutholwa okubanzi futhi ekugcineni kuthuthukiswe ukuvikeleka kuwo wonke ama-ecosystem ahlukahlukene.
Phakathi kwe izinzuzo eziyinhloko Vanir okulandelayo kugqame:
- Ukuhlonza ubungozi kumafoloko kanye nekhodi yenkampani yangaphandle
I-Vanir yenza kube lula ukuthola ama-patches alahlekile kumafoloko, ukuguqulwa, noma amakhodi eboleka ngaphandle kwephrojekthi enkulu. Ku-ecosystem ye-Android, lokhu kukuvumela ukuthi uqinisekise ukuthi abakhiqizi bedivayisi yoqobo bawasebenzise kahle yini amapeshi adingekayo kuzinguqulo zabo ezenziwe ngokwezifiso zeplathifomu. - Ukuhlaziya ngaphandle kokuncika kwemethadatha
Ngokungafani namanye amathuluzi, i-Vanir ayidingi ulwazi olwengeziwe njengezinombolo zenguqulo, umlando wokuzibophezela, noma uhlu lwe-SBOM (I-Software Bill of Materials). Indlela yabo isekelwe ngokukhethekile ekuhlaziyeni okumile kwekhodi yomthombo ekhona. - Ukukhiqiza isiginesha okuzenzakalelayo
I-Vanir izenzela ngokuzenzakalelayo ukudalwa kwamasiginesha asuka kulwazi lokuba sengozini komphakathi (CVE) namapeshi ashicilelwe ngabanakekeli. Lokhu kwenza kube lula ukubuyekeza nokugcina imininingwane yesiginesha. - Ukwenyuka kokusebenza nokusebenza kahle
Ngokuthembela ekuhlaziyeni okumile kwekhodi yomthombo, i-Vanir inikeza ukusebenza okungcono kakhulu uma kuqhathaniswa nokuhlaziya okuguquguqukayo noma amathuluzi okuqinisekisa umhlangano kanambambili. - Ukuzanelisa kanye nokuqaliswa kwendawo
Ithuluzi livumela izinhlangano ukuthi zisebenzise futhi ziqhube ingqalasizinda ezinhlelweni zazo, zisuse isidingo sokuphendukela kumasevisi angaphandle noma zithembele kubantu besithathu. - Idatha ebuyekeziwe nethembekile
I-Vanir isebenzisa isizindalwazi esisiginesha esisekelwa ithimba lezokuphepha le-Google Android, iqinisekisa ukumbozwa okuthembekile nokwakamuva kobungozi obubalulekile. - Ukuhlanganiswa ne-CI/CD
Ukusekelwa kokuhlanganisa nokuhlanganisa okuqhubekayo kanye nezinhlelo zokulethwa okuqhubekayo (CI/CD) kuvumela ukutholwa ngokuzenzakalela kobungozi emjikelezweni wokuthuthukisa, okusiza ukuqaliswa kwezinqubo zokuphepha ku-DevSecOps. - Ukuvumelana nezimo nokuvumelana nezimo
Ngale kokutholwa kokuba sengozini, i-Vanir ingalungiselelwa eminye imisebenzi, efana nokuhlonza ukuhlanganisa ikhodi, ukuhlaziya ukuphindaphinda, noma ukusebenzisa ikhodi enamalayisense athile kwamanye amaphrojekthi.
Nakuba i-Vanir ekuqaleni yayidizayinelwe i-Android, ingashintshwa kalula kwezinye i-ecosystem ngokulungiswa okuncane, okuyenza ibe ithuluzi eliguquguqukayo lokuthuthukisa ukuvikeleka kwesofthiwe iyonke.
Ukwakhiwa kweVanir
UVanir iqukethe izingxenye ezimbili okuyinhloko:
- ijeneretha yesiginesha
- i-patch detector elahlekile.
El ijeneretha idala amasiginesha ngokusekelwe ezincazelweni zokuba sengozini (ngefomethi ye-OSV) kanye nezixhumanisi zamapeshi ahambisanayo, ikhodi yokucubungula ibophezela kumakhosombe athile afana ne-googlesource.com kanye ne-git.codelinaro.org, nethuba lokwengeza usekelo kwezinye izinsiza kusetshenziswa izibambi zokudonsa.
Isebenza kanjani i-Vanir?
I-Vanir Detector ihlaziya ikhodi yomthombo yendawo yokugcina futhi ihlole ukulungiswa wokuba sengozini akhona. Lo msebenzi uyenziwa usebenzisa ama-algorithms athuthukile Ngokuthuthukiswa kwesiginesha nokuhlaziya amaphethini amaningi, u-Vanir ukhiqiza umbiko onemininingwane egqamisa ubungozi obungakopishiwe, ohlinzeka ngezixhumanisi eziya ezindaweni zamakhodi nezinkomba kuzihlonzi ze-CVE namapeshi asetshenzisiwe.
Njengesibonelo sokuqonda umthamo weVanir mayelana nokusebenza, lokhu ungaskena ikhodi yomthombo we-Android, Ngolwazi olugciniwe oluhlanganisa ubungozi obungaphezu kuka-2000, ngemizuzu eyi-10 kuye kwengama-20 ku-PC yesimanje. Izinga elingelona iqiniso, elisekelwe eminyakeni emibili yokusetshenziswa ngaphakathi kwe-Google, lihlala liphansi, cishe ngo-2.72%.
ekugcineni uma ukhona unentshisekelo yokwazi okwengeziwe ngayo, ungabheka imininingwane kufayela le- isixhumanisi esilandelayo.