Abstract: Embodiments relate to a computer system, computer program product, and computer-implemented method to train a machine learning (ML) model using artificial intelligence to learn an association between (regulatory) compliance requirements and features of micro-service training datasets. The trained ML model is leveraged to determine the compliance requirements of a micro-service requiring classification. In an exemplary embodiment, once the micro-service has been classified with respect to applicable compliance requirements, the classified micro-service may be used as an additional micro-service training dataset to further train the ML model and thereby improve its performance.

Abstract: Embodiments relate to an intelligent computer platform to for optimizing operating system vulnerability analysis. A build manifest is parsed and actions associated with operating system packages that contribute to an image build are identified. The identified actions are executed and a minimum build image is created. The minimum image build is scanned and evaluated to identify one or more vulnerabilities present in the minimum image build. Remedial measures are identified and applied to the identified vulnerabilities. The build manifest is executed with the applied remedial measures.

Abstract: Techniques regarding managing one or more software application build processes are provided. For example, one or more embodiments described herein can comprise a system, which can comprise a memory that can store computer executable components. The system can also comprise a processor, operably coupled to the memory, and that can execute the computer executable components stored in the memory. The computer executable components can comprise a control component that can execute a freeze algorithm that modifies an incorporation of a software artifact within a software application build set. The freeze algorithm can prevent implementation of a change to the software artifact by a version control program.

Abstract: Systems, computer-implemented methods, and computer program products that facilitate identifying computer software vulnerabilities, and more specifically, execute an approximate representation of software to produce a fingerprint are provided. In one example, a system is provided. The system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can include a filter component and an execution component. The filter component can filter a platform-independent intermediate representation to a filtered representation. The execution component can execute the filtered representation on a virtual machine to produce an output vector which can be used to identify computer software vulnerabilities.

Abstract: Techniques facilitating compliance aware service registry and load balancing are provided. A system can comprise a memory that stores computer executable components and a processor that executes computer executable components stored in the memory. The computer executable components can comprise an extraction component that removes a service from a load balancer ring based on a first determination by a verification component that a compliance state of the service is a non-compliant state. Further, the computer executable components can comprise an insertion component that adds the service to the load balancer ring based on a second determination by the verification component that, after a defined amount of time, the compliance state of the service is a compliant state.

Abstract: A method provides for collecting data source images from multiple repositories. Application dependencies are discovered from the data source images. Status results are determined based on vulnerability and compliance scanning of all dependent sources for each data source image. The status results are aggregated across all data source images for each of the multiple repositories. Remediations are determined for violations indicated by the aggregated status results. Each of the remediations is aggregated and ordered to define a single global remediation solution.

Abstract: An artificial intelligence (AI) platform to support a continuous integration and deployment pipeline for software development and operations (DevOps). One or more running processes are subject to monitoring to identify presence of vulnerabilities. An automated rebuild of the monitored processes is initiated, which includes constructing a map representing a relationship of test code elements corresponding to different portions of source code. The identified vulnerable source code reflected in a new container image is subject to an automatic verification to ascertain if the source code is covered by at least one of the represented test code elements. A risk assessment is employed as part of the verification. A new container image is selectively deployed responsive to the risk assessment.

Abstract: A system for determining vulnerability of an application container is provided. The system receives a report associating a first version of a software package with a vulnerability and a second version of the software package as being an update that fixes the vulnerability. The system receives the first version and the second version of the software package. The second version has one or more files that correspond to files in the first version. The system identifies a changed file in the first version of the software package that is different from a corresponding file in the second version of the software package. The system identifies a container file in an application container that matches the changed file in the first version of the software package. The system associates the identified container file with the vulnerability.

Abstract: Embodiments relate to an intelligent computer platform to for optimizing operating system vulnerability analysis. A build manifest is parsed and actions associated with operating system packages that contribute to an image build are identified. The identified actions are executed and a minimum build image is created. The minimum image build is scanned and evaluated to identify one or more vulnerabilities present in the minimum image build. Remedial measures are identified and applied to the identified vulnerabilities. The build manifest is executed with the applied remedial measures.

Abstract: Systems, computer-implemented methods, and computer program products that facilitate identifying computer software vulnerabilities, and more specifically, execute an approximate representation of software to produce a fingerprint are provided. In one example, a system is provided. The system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can include a filter component and an execution component. The filter component can filter a platform-independent intermediate representation to a filtered representation. The execution component can execute the filtered representation on a virtual machine to produce an output vector which can be used to identify computer software vulnerabilities.

Abstract: A container cloud platform that allows software functions to be shared by multiple applications in different application containers is provided. The service functions are containerized and disaggregated from the application containers. The containerized services are delivered as a capsule for applications that invoke the service functions at application runtime. The images of the service containers are deployed at the host computing devices operating the corresponding application containers. The container cloud platform monitors the deployed service containers for their execution as well as their termination.

Abstract: Embodiments relate to a system, program product, and method for evaluating and controlling configuration of a build manifest. An application build manifest is discovered and is subjected to parsing process in which one or more components that comprise the application are identified. The build manifest is monitored for changes to the identified components, and a change notification is generated in response to a change in an identified component. Each generated change notification is assigned a classification. The change notifications are applied selectively to update the manifest, wherein the selective update is based on the classification of the change notification.

Abstract: Systems, computer-implemented methods and/or computer program products that facilitate compliance-aware runtime generation of containers are provided.

Abstract: Systems, computer-implemented methods and/or computer program products that facilitate compliance-aware runtime generation of containers are provided.

Abstract: Techniques facilitating cloud-native extensibility provided to security analytics are provided. A system comprises a memory that stores, and a processor that executes, computer executable components. The computer executable components can comprise a security component that implements an instance of an encapsulated security application. The encapsulated security application can be embedded into a container image as an extended analytic script. The computer executable components can also comprise an execution component that applies the instance of the encapsulated security application to a simulated system state of a computing device during subsequent scanning operations that result in respective analytics for scanning operations of the subsequent scanning operations.

Abstract: Techniques facilitating cloud-native extensibility provided to security analytics are provided. A system comprises a memory that stores, and a processor that executes, computer executable components. The computer executable components can comprise a security component that implements an instance of an encapsulated security application. The encapsulated security application can be embedded into a container image as an extended analytic script. The computer executable components can also comprise an execution component that applies the instance of the encapsulated security application to a simulated system state of a computing device during subsequent scanning operations that result in respective analytics for scanning operations of the subsequent scanning operations.

Abstract: A system for determining vulnerability of an application container is provided. The system receives a report associating a first version of a software package with a vulnerability and a second version of the software package as being an update that fixes the vulnerability. The system receives the first version and the second version of the software package. The second version has one or more files that correspond to files in the first version. The system identifies a changed file in the first version of the software package that is different from a corresponding file in the second version of the software package. The system identifies a container file in an application container that matches the changed file in the first version of the software package. The system associates the identified container file with the vulnerability.

Abstract: Techniques facilitating compliance aware service registry and load balancing are provided. A system can comprise a memory that stores computer executable components and a processor that executes computer executable components stored in the memory. The computer executable components can comprise an extraction component that removes a service from a load balancer ring based on a first determination by a verification component that a compliance state of the service is a non-compliant state. Further, the computer executable components can comprise an insertion component that adds the service to the load balancer ring based on a second determination by the verification component that, after a defined amount of time, the compliance state of the service is a compliant state.

Abstract: Techniques facilitating compliance aware service registry and load balancing are provided. A system can comprise a memory that stores computer executable components and a processor that executes computer executable components stored in the memory. The computer executable components can comprise an extraction component that removes a service from a load balancer ring based on a first determination by a verification component that a compliance state of the service is a non-compliant state. Further, the computer executable components can comprise an insertion component that adds the service to the load balancer ring based on a second determination by the verification component that, after a defined amount of time, the compliance state of the service is a compliant state.

Abstract: Techniques facilitating representing and analyzing cloud computing data as pseudo systems are provided. A system comprises a memory that stores, and a processor that executes, computer executable components. The computer executable components comprise a framework component and a generation component. The framework component can recreate a system state of a computing device as a pseudo system state for the computing device. The pseudo system state can be decoupled from an original operating state of the computing device and can comprise data abstracted from the original operating state. The data abstracted can mimic an operation of the computing device. The generation component can create the pseudo system state and can facilitate black-box execution of software over the pseudo system state. The black-box execution of software can comprise running applications in the pseudo system state as if the applications were executing in the original operating state of the computing device.