The DevInternet Automation Exchange platform gathers shared code repositories associated to Cisco and open supply applied sciences for domains in safety, networking, cloud, IoT, collaboration, mobility, and knowledge middle. Use circumstances on the change cowl situations for automation, monitoring, telemetry, and community automation. Our Exchange administration staff does its finest to examine safety metrics and vulnerabilities in all submissions earlier than delivering code to the neighborhood. We are on the best way to merging our two platforms, Code Exchange and Automation Exchange.
Security instruments in DevInternet Automation Exchange
“Shift left security” means enabling builders to handle safety considerations earlier within the growth course of. To facilitate this shift, now we have built-in two further security measures into the Exchange submission course of – Scorecard and KubeClarity.
- Scorecard – Security well being metrics maintained by the Open Source Security Foundation. The scorecard analyzes points reminiscent of dependencies, license information, contributors, code-review, CI-tests, and safety. As a consequence, you get a rating for every case, purpose, and associated hyperlink.
Scorecard safety well being metrics
• KubeClarity is an open supply software for detecting and managing Software Bill Of Materials (SBOM) in addition to container photos and filesystems vulnerabilities.
KubeClarity vulnerability report
Now, these instruments are built-in into the submission workflow. Once now we have evaluated a brand new use case submission, we ship all analytics and safety experiences to the submitter.
For Exchange submitters this automation will help make their purposes safer.
For Exchange customers (e.g., builders, DevOps, infrastructure engineers, companions, purchasers, Cisco SE’s) we are able to suggest safe Exchange use circumstances that they’ll use independently in shopper infrastructure, or cloud, or as half of a bigger venture.
You can uncover and search apps, tasks, and code samples on your wants. As we collectively repo from the neighborhood, we additionally ask builders and engineers to submit their tasks to the platform.
About Automation Exchange code area
Exchange Code Space is an interactive surroundings that you would be able to open along with your browser, edit supply code, and deploy associated code samples/run scripts.
How does it work? After you click on the “try it out!” button, you’ll be redirected to the interactive surroundings. In this Code Space Dev surroundings, you possibly can open and edit the repo’s supply code in addition to deploying the app or working the script.
We are on the best way to merging our two platforms, Code Exchange and Automation Exchange. For now, Code Space is supported for these code samples:
In code samples, we additionally add associated credentials or API Keys to work together with DevInternet Sandbox, and you should use it for demo functions or paste different credentials. Just navigate to “deploy in Cisco Exchange dev environment” and deploy your app.
Next, in Code Space you are able to do:
- VS Code for enhancing and interplay with supply code.
- Terminal with entry to an surroundings with pre-installed Python, the place you possibly can run associated instructions.
- Exposing an External URL for entry to the inner IP Address of an Application or service. Users can use it for interplay with App graphical interface, webhook service, and WebSockets.
Submit your repo… get these advantages
By submitting your repo to the DevInternet Automation Exchange you will get these advantages:
- Verification of compliance with the essential Readme necessities
- Validate and check your conditions, set up, and utilization directions
- We check all repos utilizing DevInternet Sandbox, or utilizing assets and workflow that you just present. Usually, we are able to check your repo on completely different operation techniques
- We additionally have a look at your code and might recommend some enhancements (when the {qualifications} and expertise of our reviewers enable it)
We’d love to listen to what you suppose. Ask a query or go away a remark beneath.
And keep related with Cisco DevInternet on social!
LinkedIn | Twitter @CiscoDevInternet | Facebook | YouTube Channel
Share: