! , Positive Technologies. DevOps-, .
, PT Application Inspector (PT AI) . , PT AI CI, . PT AI .
. , PT AI , CI-. DevOps- (DevSecOps). PT AI CI-: , , PT AI . , PT AI .
PT Application Inspector
DevOps- Positive Technologies
DevOps , . Positive Technologies 18 , DevOps- , . , .
, CI/CD- . CI/CD , DevOps- .
15 . – 500++ . , , . – PT Application Inspector, .
CI/CD- :
GitLab ( ), 9.5K ;
GitLab CI ( CI-), 2.7M ;
Artifactory ( ), 8.2Tb ;
, high, med low , . 40 , vSphere.
2014 CI-, CI-, .
" : Continuous Integration" (2016).
" : Positive Technologies DevOps" (2017).
" -" (2018).
" : " (2019).
PT Application Inspector DevSecOps-
PT Application Inspector – , . PT AI , (SAST, DAST IAST), .
PT AI - , , , , – .
: java, php, c#, vb, objective-c, c++, sql, swift, python, javascript, go, kotlin.
DevSecOps. DevSecOps CI/CD-. , , , CI/CD-.
PT Application Inspector . DevSecOps . , .
, PT AI :
. .
. PT AI , , , .
. 3rd-party .
. PT AI Security Gate .
DevOps – (- -, CPU, RAM, Disk). – . CI-, , .
. , :
;
;
;
Artifactory;
GUS;
FUS-;
.
: PT Application Inspector. DevOps-, PT AI – – "" CI- :
( Promoting);
( Publishing);
( Testing);
( Building, );
, ( Building, Artifactory).
. , . . , CI-.
DevOps-Tools ( , ), (job) GitLab CI, .
, DevOps . .
PT Application Inspector Enterprise Server
, , PT AI . AIE-:
CI- , ;
-, CI- , ;
, , .
, CI-, . , AIE - . , AIE Windows Server, Linux-.
, .
AIE ( Server.AIE.Agent) .
(source code) GitLab (DevOps.GitLab) (DevOps.BuildAgent) (workingDirectory), AIE Application Inspector Shell Agent AISA (AIE.LightweightClient). API AIE. AISA - (Docker.Windows/Linux.AISA-client), "" .
AIE- GitLab-, ("" source code AIE.Server), , AISA .
- AISA (DevOps.GitLab-CI), CI- DevOps-. docker registry Artifactory (Docker.Registry). .
- AISA.
:
, AIE, .
AIE , .
API: AISA AIE-.
( ) , , Codacy SonarQube. GitLab, Code Quality .
.
:
, . CI- . , , AIE- -.
, .
, AIE-.
.
PT AI , .
PT AI
, . AIE , AISA, "" .
CI- GitLab CI, .gitlab-ci.yml. CI-, , .
PT AI
, -, GitLab.
- .
build-on-server (bash batch), . CI-. build-on-server , , CI- CI-.
AISA, : AIE, , , , .
AISA- AIE . – .
, 5, , AISA AIE ( , hash ), . AIE GitLab- , . .
AIE- . : , , , -.
(exit code) . , . CI- : , , , . AIE- .
, - , .
, Artifactory.
Artifactory snapshot- , , .
PT AI CI
CI- , CI PT AI. : , AISA, AIE- CI-.
PT AI CI
, : Application Inspector Enterprise . , , , -. AISA, "" , . , AIE- -.
: AISA "" -, CI-. CI- AISA- – docker registry . , , AISA latest -.
, PT AI . CI- , , , PT AI .
PT Application Inspector CI- .
: , GitLab CI
PT Application Inspector Enterprise
PT Application Inspector Enterprise Server – Windows, . (workers), , CI- TeamCity, GitLab CI Jenkins. .
. - Application Inspector Viewer.
( ).
PT AI Enterprise Server |
Intel Core i7 3,2 |
8 |
|
200 |
|
10 / |
|
64- Windows Server 2012 R2 |
|
Windows PowerShell 5.0 |
|
PT AI Enterprise Agent |
Intel Core i7 3,2 |
8 |
|
10 / |
|
: Microsoft Edge, Mozilla Firefox 46 , Google Chrome 50 |
CI- AISA-
AISA, PT AI, 3rd-party – . , CI- , , . .
AISA - Linux Windows, AISA docker registry Artifactory. - AISA - . , 3.6.1.4931-7 , -, AISA 3.6.1.4931.
– - latest. , "" (promoting) snapshot- release- . , docker pull docker registry, AIE-. - , , "" .
AISA-
: AISA ( ).
| | | ? |
|---|---|---|
| --project-name | (), . AIE . : DevOpsSandbox | , --project-settings-file |
| --project-settings-file | : Test.aiproj | , --project-name |
| --policies-path | . : ./policy.json | |
| --scan-target | . : source/folder | |
| --reports-folder | , . : .ptai | |
| --reports | , . : HTML, PDF, JSON, WAF : "HTML,JSON" | |
| --no-wait | , | |
| --scan-off | AIE , ( --project-settings-file) | |
PT AI GitLab CI
AIE- , . CI-. GitLab CI.
GitLab CI (job) .gitlab-ci.yml. CI-. , , Linux Windows - AISA.
aisa-set-settings. .aiproj , AISA . , before_script.
aisa . , AIE- , --project-name . , , --project-settings-file . AISA . .
, HTML JSON. , --no-wait, AISA . , - AIE-.
. git-. , , – aisa-set-settings. .
– . , .
– , , CI-. . .
. : , , , aisa-codequality - GitLab .
, , – " ". : include , , . GitLab.
PT AI , PT Application Inspector. CI- – " ".
PT AI CI- TeamCity . PT AI Linux Windows python- - AISA .
Open Source dohq-ai-best-practices
, CI dohq-ai-best-practices MIT-.
:
PT AI CI;
PT Application Inspector Enterprise;
dockerfile AISA- Windows Linux;
AISA:
job- GitLab CI,
TeamCity,
CLI AISA.
- DevOps-, PT Application Inspector , , , CI-. .
2020 CI-, DevSecOps PT Application Inspector. , PT AI ( 39:45).
: PT Application Inspector " ", , , Application Inspector Enterprise AISA. DevSecOps- AIE- AISA. , PT Application Inspector .
:
PT Application Inspector : ptsecurity.com/ru-ru/products/ai/
Positive Technologies:
PT Application Inspector: ptsecurity.com/ru-ru/research/webinar/pt-application-inspector-obzor-novoy-versii-i-roadmap/
PT Application Inspector CI-: ptsecurity.com/ru-ru/research/webinar/devsecops-vnedrenie-v-produktovyj-konvejer-i-ehkspluataciya-pt-application-inspector/
GitLab CI: github.com/devopshq/dohq-ai-best-practices
, PT Application Inspector . PT AI CI.
, "" AISA -, Application Inspector Enterprise AISA-. . - CI- , , . , , , PT AI CI- .
, . , , PT Application Inspector.
, , PT AI: