
System and method for implementing application policies across development environments


Abstract

A method to facilitate a distributed analysis of the security and vulnerability of a software application, the method comprising: setting security policy parameters at the application level; distributing the application-level policy settings to a policy sandbox; distributing portions of the application to a plurality of development sandboxes, each sandbox being configured to allow further development of the portion of the application distributed to it, where the plurality of development sandboxes: (i) corresponds to an analysis ID; and (ii) comprises a first development sandbox, the first development sandbox corresponding to a first portion of the application; analyzing, in at least one development sandbox, the corresponding portion of the application in accordance with the application-level security policy parameters by accessing the policy sandbox, where the analysis of the first application portion comprises: (a) obtaining first development sandbox analysis results by analyzing, in a first iteration, at least the first portion of the application; (b) computing a first difference between the first development sandbox analysis results and the application analysis results that are associated with the analysis ID; (c) obtaining a first assessment by evaluating the policy defect constraints based, at least in part, on the first difference; (d) if the evaluation fails: (A) obtaining second development sandbox analysis results for the first development sandbox by analyzing the first portion of the application in a second iteration; (B) calculating a second difference between the second development sandbox analysis results and at least one of the application analysis results associated with the analysis ID and the first development sandbox analysis results; and (C) obtaining a second assessment by evaluating the policy defect constraints based, at least in part, on the second difference; updating the policy sandbox with the analysis results of at least one of the plurality of development sandboxes; where updating comprises: (e) promoting, in the policy sandbox, the first development sandbox analysis results if the first evaluation completes successfully, or the second development sandbox analysis results if the second evaluation completes successfully.

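Bibliographic details

  • Publication number: ES2767049T3

    Patent type

  • Publication date: 2020-06-16

    Original format: PDF

  • Applicant/patentee: VERACODE INC.;

    Application number: ES14810074T

  • Inventor: CHESTNA PETER;

    Filing date: 2014-11-19

  • Classification: G06F21/57;G06F11/36;G06F21/53;

  • Country: ES

  • Database entry time: 2022-08-21 11:15:21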
