CN-122018923-A - Software package management and control method, device, equipment and storage medium
Abstract
The application provides a software package management and control method, device, equipment and storage medium, relates to the technical field of computers, and can ensure the security of software package files entering a software library from the source. The method comprises: obtaining a software package file; performing software package admission detection on the software package file to obtain a detection result of the software package file, wherein the software package admission detection is used to check the security of the software package file; and, based on the detection result, putting the software package file that passes the software package admission detection on the shelf in a software library.
Inventors
- YANG KAIDE
- WEI LIMIN
Assignees
- 中国联合网络通信集团有限公司
Dates
- Publication Date: 20260512
- Application Date: 20260123
Claims (13)
- 1. A software package management and control method, the method comprising: acquiring a software package file; performing software package admission detection on the software package file to obtain a detection result of the software package file, wherein the software package admission detection is used to check the security of the software package file; and, based on the detection result, putting the software package file that passes the software package admission detection on the shelf in a software library.
- 2. The method of claim 1, wherein performing software package admission detection on the software package file comprises one or more of: performing sandbox detection on the software package file, wherein the sandbox detection indicates that the software package file is test-run in an isolated network environment; or matching the software package file with risk software packages in a historical risk software library, wherein the historical risk information matching indicates that the matching is performed in the historical risk software library based on the name and/or version number of the software package file; or performing software package component analysis on the software package file, wherein the software package component analysis indicates analyzing open source components and/or security holes in the software package file.
- 3. The method according to claim 1, wherein the method further comprises: acquiring an application range of a software package file put on the shelf in the software library; and distributing the software package file based on the application range of the software package file.
- 4. The method according to claim 3, wherein distributing the software package file based on the application range of the software package file comprises: determining host account information in the application range based on the application range of the software package file, wherein the host account information indicates the account information of a host in the authorization range of the software package file; and distributing the software package file to the host corresponding to the host account information.
- 5. The method of any one of claims 1 to 4, wherein acquiring a software package file comprises: acquiring a file to be uploaded; and performing file identification on the file to be uploaded to obtain the software package file.
- 6. The method of claim 5, wherein performing file identification on the file to be uploaded to obtain the software package file comprises: identifying and verifying the file extension and/or the header code characteristic of the file to be uploaded to obtain the software package file.
- 7. The method according to any one of claims 1 to 4, further comprising: acquiring a risk scheduling instruction, wherein the risk scheduling instruction indicates information of a software package file with risk; parsing the risk scheduling instruction to obtain risk file information, wherein the risk file information describes risk information of a software package file using structured data; and controlling the software package file based on the risk file information and the application state of the software package file.
- 8. The method of claim 7, wherein controlling the software package file based on the risk file information and the application state of the software package file comprises: when the application state of the software package file meeting the risk file information is that the software package file has been put on the shelf in the software library but not distributed, taking the software package file meeting the risk file information off the shelf from the software library; or, when the application state of the software package file meeting the risk file information is that the software package file has been distributed from the software library to a host but is not installed in the host, displaying alarm information indicating that the software package file is at risk and its use is suspended; or, when the application state of the software package file meeting the risk file information is that it is installed in the host, carrying out rectification processing on the software package file in the host.
- 9. The method of claim 7, wherein the risk file information includes one or more of an ID of a risk scheduling instruction, a name of a risk software package file, a version interval of a risk software package file, a vulnerability risk level, a type of a risk software package file, a vulnerability description, a solution, a vulnerability discovery source, or a vulnerability discovery time.
- 10. A software package management and control device, the device comprising: an acquisition module, used for acquiring a software package file; and a processing module, used for performing software package admission detection on the software package file to obtain a detection result of the software package file, wherein the software package admission detection is used to check the security of the software package file; the processing module being further used for putting the software package file on the shelf in a software library based on the detection result.
- 11. Computer device, characterized in that it comprises a processor and a memory in which at least one computer program is stored, at least one of which computer programs is loaded and executed by the processor to implement the software package management method according to any of claims 1 to 9.
- 12. A computer readable storage medium having stored therein at least one computer program loaded and executed by a processor to implement the software package administration method of any one of claims 1 to 9.
- 13. A computer program product, characterized in that it comprises a computer program or instructions which, when executed by a processor, implements the software package management method according to any of claims 1 to 9.
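The risk control flow of claims 7 to 9, sketched as an added example (not code from the patent): a risk scheduling instruction is parsed into structured risk file information, matched against package name and version interval, and mapped to an action by application state. The JSON instruction format, the field subset, the state and action labels, and the sample data are all assumptions made for illustration.

```python
import json
from dataclasses import dataclass

# Action per application state, following the three branches of claim 8.
ACTIONS = {
    "shelved": "remove_from_library",      # on the shelf, not yet distributed
    "distributed": "alert_suspend_use",    # sent to a host, not yet installed
    "installed": "remediate_on_host",      # installed on a host
}

@dataclass(frozen=True)
class RiskInfo:
    """Structured risk file information (a subset of the claim 9 fields)."""
    instruction_id: str
    name: str
    version_min: str   # inclusive bounds of the risk version interval
    version_max: str
    risk_level: str

def parse_instruction(text: str) -> RiskInfo:
    # Assumption: the instruction arrives as JSON; the page fixes no format.
    return RiskInfo(**json.loads(text))

def vkey(version: str) -> tuple:
    # Assumption: dotted numeric versions. Compare as integers, because a
    # plain string comparison would rank "2.10.0" below "2.3.9".
    return tuple(int(part) for part in version.split("."))

def matches(risk: RiskInfo, name: str, version: str) -> bool:
    if name.lower() != risk.name.lower():
        return False
    return vkey(risk.version_min) <= vkey(version) <= vkey(risk.version_max)

def control(risk: RiskInfo, inventory: list) -> list:
    """Return (location, name, version, action) for each affected entry."""
    return [(loc, name, ver, ACTIONS[state])
            for loc, name, ver, state in inventory
            if matches(risk, name, ver)]

# Constructed sample data, not taken from the page.
SAMPLE_INSTRUCTION = json.dumps({
    "instruction_id": "RISK-EXAMPLE-0001", "name": "examplepkg",
    "version_min": "2.0.0", "version_max": "2.3.9", "risk_level": "high"})
SAMPLE_INVENTORY = [
    ("library", "examplepkg", "2.1.0", "shelved"),
    ("host-a", "examplepkg", "2.3.9", "distributed"),
    ("host-b", "ExamplePkg", "2.0.5", "installed"),
    ("host-c", "examplepkg", "2.10.0", "installed"),   # outside the interval
]
```

Calling `control(parse_instruction(SAMPLE_INSTRUCTION), SAMPLE_INVENTORY)` yields one action per affected entry and leaves `host-c` untouched, since 2.10.0 lies above the interval once versions are compared numerically.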
Description
Software package management and control method, device, equipment and storage medium

Technical Field

The present application relates to the field of computer technologies, and in particular to a software package management and control method, apparatus, device, and storage medium.

Background

Software package management refers to the process of managing and controlling the acquisition, storage, distribution, installation and operation of software installation packages.

In the related art, software installation packages are managed in a hybrid mode that combines an internal private source with manual external download. Specifically, an internal software repository is built within the enterprise, and a host can download a software installation package directly from it for installation. For software installation packages that are not available in the internal software repository, the user needs to download the required package from an official website or mirror site and then upload it to the internal software repository through a file transfer tool. The host then selects and downloads the software installation packages it needs from the internal software repository.

However, although the related art makes it possible to bring a required software installation package from outside into the internal software repository, the downloaded package may carry vulnerabilities and viruses, and the security of software installation packages entering the internal software repository cannot be ensured.

Disclosure of Invention

The application provides a software package management and control method, device, equipment and storage medium, which can ensure the security of software package files entering a software library from the source.
To achieve the above purpose, the application adopts the following technical solutions.

In a first aspect, the present application provides a software package management and control method, including: acquiring a software package file; performing software package admission detection on the software package file to obtain a detection result of the software package file; and, based on the detection result, putting the software package file that passes the software package admission detection on the shelf in a software library. The software package admission detection is used to check the security of the software package file.

According to the scheme provided by the application, before a software package file is put on the shelf in the software library, software package admission detection is performed on it and a detection result is obtained. When the software package file passes the software package admission detection, it is put on the shelf in the software library, so that security detection is performed on the software package file before it enters the software library, the security of the software package files on the shelf in the software library is ensured, software package files carrying malicious code, viruses or security holes are effectively prevented from entering the software library, and the security of software package files entering the software library is ensured from the source.

In one possible implementation, performing software package admission detection on the software package file may be implemented by performing sandbox detection on the software package file. The sandbox detection indicates that the software package file is test-run in an isolated network environment.
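The admission flow of the first aspect (acquire, detect, then shelve), as an added example that is not code from the patent: file identification follows claim 6 by requiring extension and header signature to agree, and the detection step is limited to the historical-risk matching on name and/or version from claim 2. Sandbox detection and component analysis are omitted; the signature table, the risk library contents and all function names are assumptions.

```python
import os

# Leading header bytes for a few package formats, keyed by file extension.
SIGNATURES = {
    ".rpm": b"\xed\xab\xee\xdb",   # RPM lead magic
    ".deb": b"!<arch>\n",          # ar archive
    ".whl": b"PK\x03\x04",         # zip local file header
    ".jar": b"PK\x03\x04",
    ".gz": b"\x1f\x8b",            # gzip (e.g. source tarballs)
}

# Constructed historical risk library: (name, version); None means any version,
# which models matching on the name alone.
HISTORICAL_RISK = {("examplepkg", "1.4.2"), ("badtool", None)}


def identify(filename: str, head: bytes):
    """Return the extension if extension and header signature agree, else None."""
    ext = os.path.splitext(filename)[1].lower()
    magic = SIGNATURES.get(ext)
    if magic is None or not head.startswith(magic):
        return None
    return ext


def in_risk_library(name: str, version: str) -> bool:
    key = name.lower()
    return (key, version) in HISTORICAL_RISK or (key, None) in HISTORICAL_RISK


def admit(filename: str, head: bytes, name: str, version: str):
    """Return (admitted, reason); only admitted files go on the shelf.

    Assumption: name and version were already read from package metadata.
    """
    if identify(filename, head) is None:
        return False, "not a recognised package file"
    if in_risk_library(name, version):
        return False, "matches historical risk library"
    return True, "passed"
```

A file whose extension claims one format while its header belongs to another is rejected at identification, before any risk matching runs.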
By performing sandbox detection on the software package file, the file can be run in an isolated network environment and its risk information can be effectively detected, which ensures the security of the software package file before admission.

In another possible implementation, performing software package admission detection on the software package file may be implemented by matching the software package file with the risk software packages in a historical risk software library. The historical risk information matching indicates that the matching is performed in the historical risk software library based on the name and/or version number of the software package file.

By matching the software package file with the risk software packages in the historical risk software library, a matching result is obtained; whether the software package file belongs to the historical risk software library can be detected according to the matching result, and then quick matching and interception are realized, so t