Abstract: A compliance discovery and integration process is implemented in association with a cloud-based security and compliance platform and associated CI/CD framework. The process assumes an existing DevOps-based deployment of a product, such as an enterprise application that executes in a runtime production environment. The technique of this disclosure addresses the problem of misalignment between a compliance policy and the product's post-deployment regulation posture by providing tools and methods that enable pro-active augmentation of governance and compliance policy during the pre-deployment phase and with respect to a next deployment of the product (e.g., a next or updated version). Thus, when the product is later deployed in its next deployment, its regulation posture (post-deployment) is already consistent with the compliance policy.

Abstract: Systems and techniques that facilitate compliance enforcement via service discovery analytics are provided. In various embodiments, a system can comprise a receiver component that can access one or more declarative deployment manifests associated with a computing application. In various instances, the system can comprise a dependency component that can build a dependency topology based on the one or more declarative deployment manifests. In various cases, the dependency topology can indicate dependencies among one or more computing objects that are declared by the one or more declarative deployment manifests. In various aspects, the system can comprise a compliance component that can determine, based on the dependency topology, whether the computing application satisfies one or more compliance standards.

Abstract: A compliance discovery and integration process is implemented in association with a cloud-based security and compliance platform and associated CI/CD framework. The process assumes an existing DevOps-based deployment of a product, such as an enterprise application that executes in a runtime production environment. The technique of this disclosure addresses the problem of misalignment between a compliance policy and the product’s post-deployment regulation posture by providing tools and methods that enable pro-active augmentation of governance and compliance policy during the pre-deployment phase and with respect to a next deployment of the product (e.g., a next or updated version). Thus, when the product is later deployed in its next deployment, its regulation posture (post-deployment) is already consistent with the compliance policy.

Abstract: Systems and techniques that facilitate compliance enforcement via service discovery analytics are provided. In various embodiments, a system can comprise a receiver component that can access one or more declarative deployment manifests associated with a computing application. In various instances, the system can comprise a dependency component that can build a dependency topology based on the one or more declarative deployment manifests. In various cases, the dependency topology can indicate dependencies among one or more computing objects that are declared by the one or more declarative deployment manifests. In various aspects, the system can comprise a compliance component that can determine, based on the dependency topology, whether the computing application satisfies one or more compliance standards.

Abstract: An approach is disclosed that selects a current processing element from a set of processing elements included in a software pipeline. A selected input data to the current processing element was an output data from a previously executed processing element. The input data is verified by computing a current fingerprint of the selected input data and comparing the computed fingerprint to an expected fingerprint. The expected fingerprint was previously computed after the output data was generated by the previously executed processing element. In response to the comparing revealing that the current fingerprint fails to match the expected fingerprint, a verification error is indicated to a user of the process.

Abstract: A method provides for collecting data source images from multiple repositories. Application dependencies are discovered from the data source images. Status results are determined based on vulnerability and compliance scanning of all dependent sources for each data source image. The status results are aggregated across all data source images for each of the multiple repositories. Remediations are determined for violations indicated by the aggregated status results. Each of the remediations is aggregated and ordered to define a single global remediation solution.

Abstract: A method provides for collecting data source images from multiple repositories. Application dependencies are discovered from the data source images. Status results are determined based on vulnerability and compliance scanning of all dependent sources for each data source image. The status results are aggregated across all data source images for each of the multiple repositories. Remediations are determined for violations indicated by the aggregated status results. Each of the remediations is aggregated and ordered to define a single global remediation solution.

Abstract: In general, the present invention discloses a policy-based decision system to manage energy consumption within a complex system, such as a municipality, business or home. These policies help to control energy usage, either for the purpose of conservation or to contend with a shortage situation. In general, policies may be set based on business requirements, including energy demand, energy supply, safety, Quality of Service (QoS) settings per object or groupings, convenience, risk analysis output or events. Among other things the approach described herein discloses the following: creation and management of policies; selection of optimal throttling plan to achieve energy conservation requirements; running of simulation scenarios based on different policies and/or reduction requirements; conducting of risk analysis for different scenarios; etc.

Abstract: Context-dependent transactional management of services within a cloud environment for an organization using business rules includes generating a partitioned graph representing the organization and the business rule, where the business rules include one or more separation of duties requirements. Upon receiving an access request from an end user of the cloud service, a determination is made if the access request to the cloud service violates any of the one or more separation of duties requirements. Based on determining that the access request to the cloud service does not violate any of the one or more separation of duties requirements, transaction with the cloud service is granted to the end user. Based on determining that the access request to the cloud service violates one of the one or more separation of duties requirements, access to the cloud service is denied to the end user.

Abstract: Context-dependent transactional management of services within a cloud environment for an organization using business rules includes generating a partitioned graph representing the organization and the business rule, where the business rules include one or more separation of duties requirements. Upon receiving an access request from an end user of the cloud service, a determination is made if the access request to the cloud service violates any of the one or more separation of duties requirements. Based on determining that the access request to the cloud service does not violate any of the one or more separation of duties requirements, transaction with the cloud service is granted to the end user. Based on determining that the access request to the cloud service violates one of the one or more separation of duties requirements, access to the cloud service is denied to the end user.

Abstract: Context-dependent transactional management of services within a cloud environment for an organization using business rules includes generating a partitioned graph representing the organization and the business rule, where the business rules include one or more separation of duties requirements. Upon receiving an access request from an end user of the cloud service, a determination is made if the access request to the cloud service violates any of the one or more separation of duties requirements. Based on determining that the access request to the cloud service does not violate any of the one or more separation of duties requirements, transaction with the cloud service is granted to the end user. Based on determining that the access request to the cloud service violates one of the one or more separation of duties requirements, access to the cloud service is denied to the end user.

Abstract: Context-dependent transactional management of services within a cloud environment for an organization using business rules includes generating a partitioned graph representing the organization and the business rule, where the business rules include one or more separation of duties requirements. Upon receiving an access request from an end user of the cloud service, a determination is made if the access request to the cloud service violates any of the one or more separation of duties requirements. Based on determining that the access request to the cloud service does not violate any of the one or more separation of duties requirements, transaction with the cloud service is granted to the end user. Based on determining that the access request to the cloud service violates one of the one or more separation of duties requirements, access to the cloud service is denied to the end user.

Abstract: The transfer and usage of a modulated carrier signal within a power signal on a power line communication system is described. The modulated signal comprises metadata which is transmitted at a different frequency than the transmitted power. The metadata, including such elements as energy costs, providers, renewable source status and originating location, may be used by consumers to make subsequent purchasing decisions. Additionally, the energy costs of any given computer node commonly distributed in a grid architecture may be collected by a workload dispatcher in order to make more accurate cost and energy source based dispatch decisions. The consumer may be able to communicate directly back to the power provider. The use of computer-readable medium and product containing instructions that are implemented on a computer is also covered. Finally, the invention may be deployed on behalf of the consumer by a third party service provider.

Abstract: An apparatus and method provides directory service to software applications throughout an enterprise. Directory entries are kept in a data store. A web server having one or more API's is coupled to the data store. The web server may have an API locator for selecting an appropriate API. An enterprise software application such as a purchasing or accounts payable transaction requests directory information by sending a query to an appropriate wrapper based on the programming language, protocol or format of the application. The wrapper sends the request to the appropriate API which then sends a request to the data store. A directory entry is received and returned to the enterprise.

Abstract: The transfer and usage of a modulated carrier signal within a power signal on a power line communication system is described. The modulated signal comprises metadata which is transmitted at a different frequency than the transmitted power. The metadata, including such elements as energy costs, providers, renewable source status and originating location, may be used by consumers to make subsequent purchasing decisions. Additionally, the energy costs of any given computer node commonly distributed in a grid architecture may be collected by a workload dispatcher in order to make more accurate cost and energy source based dispatch decisions. The consumer may be able to communicate directly back to the power provider. The use of computer-readable medium and product containing instructions that are implemented on a computer is also covered. Finally, the invention may be deployed on behalf of the consumer by a third party service provider.

Abstract: Disclosed is a service for displaying custom information. The service includes establishing a data connection to at least one data source, storing specific information via the data connection in the data source, and providing a data crawler to crawl said at least one data source using the stored information. The results are pushed from the data crawler to an end user for displaying a combination of the stored information and the at least one data source.

Abstract: The transfer and usage of a modulated carrier signal within a power signal on a power line communication system is described. The modulated signal comprises metadata which is transmitted at a different frequency than the transmitted power. The metadata, including such elements as energy costs, providers, renewable source status and originating location, may be used by consumers to make subsequent purchasing decisions. Additionally, the energy costs of any given computer node commonly distributed in a grid architecture may be collected by a workload dispatcher in order to make more accurate cost and energy source based dispatch decisions. The consumer may be able to communicate directly back to the power provider. The use of computer-readable medium and product containing instructions that are implemented on a computer is also covered. Finally, the invention may be deployed on behalf of the consumer by a third party service provider.

Abstract: Under the present solution, dependencies and relationships of objects are stored and are updatable by consumers and optionally manufacturers through a local UI or web interface. These dependencies and relationships are stored in a “collection profile” which describes the capabilities of objects. When a request to reduce energy is received the system can query the collection profile to determine the downstream effect of reducing energy to a single object. The collection profile will identify which other objects rely on that object and would also need to have energy reduced. Being able to identify these linkages and effects of changes across the system will be critical for good energy management.

Abstract: Energy costs for conducting compute tasks at diverse data center sites are determined and are then used to route such tasks in a most efficient manner. A given compute task is first evaluated to predict potential energy consumption. The most favorable real-time energy costs for the task are determined at the various data center sites. The likely time period of the more favorable cost as well as the stability at the data center are additional factors. A workload dispatcher then forwards the selected compute task to the data center having the most favorable real-time energy costs. Among the criteria used to select the most favorable data center is a determination that the proposed center presently has the resources for the task.

Abstract: The selection of an optimal data center location for running a computational workload is based on multiple energy criteria. The location is chosen based on multivariate and predictive analysis of total direct and indirect energy costs, and other user-defined factors. Among the direct and indirect costs are power costs and cooling costs as well as structural and other details of a given data center. Among the other factors to be considered that can have an impact on present and future costs are weather patterns, data and forecasts, availability of energy providers, and energy attributes. A forecaster factors these direct and indirect costs along with extrinsic information such as historical trends and predictive sources into a forecast which is then input to a decision engine along with user defined criteria and with anticipated compute tasks and requirements to select a final location or locations for handling the workload.