
Comcast open-sources xGitGuard code security tool


Comcast is releasing a new software tool, xGitGuard, as an open source project to the community at large. The tool is designed to proactively search the open source repositories of GitHub for code that was supposed to remain proprietary.

The idea behind xGitGuard is to provide an automated means of checking through GitHub repositories for code that shouldn’t be there — an important consideration for modern development teams, given the increasing usage of open source code. The tool uses NLP (natural language processing) technology, AI modeling and other advanced techniques to programmatically identify and validate secret code on GitHub, as well as identifying which developer accounts posted those secrets.

According to Bahman Rashidi, director of Comcast’s cybersecurity and privacy engineering research team, the key advantage to xGitGuard is its flexibility — it can be used both retroactively, to detect secrets uploaded after the fact, as well as proactively, to check code before it’s posted.

“Clearly, proactive is the best use case from a security standpoint, but there’s a lot of flexibility,” Rashidi says. “The tool can be used by both individual users on their servers/machines (e.g., developers can also scan local files and directories) or deployed at group level in a cloud.”

Comcast asserted that the tool is more than 90% accurate in distinguishing secret code from non-secret text, and that the company has used xGitGuard for some time as a way to take advantage of GitHub’s utility as a software development resource while keeping proprietary code separate.

“The problem that xGitGuard was designed to solve is ubiquitous, so we thought it was an ideal candidate to make available open source,” Rashidi says. “GitHub is such a significant tool for developers, and so many people use it, that we really hope as many people/small or large organizations as possible make use of the technology.”

It’s not the company’s first foray into the world of open source software — Comcast has released more than 200 public repos to GitHub. Some of the more prominent include a content delivery network software framework called Traffic Control, an automated server maintenance tool called Bynar, and a Rust-based network function development framework called Capsule. And two more projects — Prometheus dashboard accelerator tool Trickster and Kubernetes cluster testing framework Kuberhealthy — were accepted into the Cloud Native Computing Foundation’s sandbox program last year.

Copyright © 2022 Koderspot, Inc.