Saturday, April 13, 2024
HomeSECURITYThe first domestic open source repository has been launched in Russia

The first domestic open source repository has been launched in Russia

-


The first domestic open source repository has been launched in Russia

The product supports the functionality of checking for security, storage and provision of secure artifacts.

Rostelecom has developed the first repository in Russia “RTK-phoenix” A that contains packages and public libraries that have passed security checks. About it told representatives of Rostelecom.

Web resources of state bodies of the Russian Federation and Russian companies are increasingly subject to cyber attacks. One of the reasons for this is vulnerabilities in corporate applications and services developed in-house, as well as the use of open source software, which is becoming less secure. Malicious features are often embedded in Open Source, which can not only reduce the quality of the software, but also contribute to the leakage of personal data, disrupt the functioning of sites, and so on. To reduce these cyber risks, the repository was developed.

It is focused on the Russian market. At the heart of RTK-Phoenix is ​​a solution that can itself detect all third-party components, both in open source and in binary form.

“RTK-phoenix” is a repository, which is a comprehensive solution for checking Open Source packages, libraries and their storage. The product is based on the code security monitoring subsystem according to Rostelecom’s own SOC (Security Operation Center) methods, including the Solar AppScreener application code analyzer for vulnerabilities and other information security tools.

The subsystem makes a conclusion about the possibility or prohibition of using packages and libraries based on the results of their check. The software additionally checks all child, i.e. transitive open source dependencies.

The repository works in online and offline modes and supports the functionality of checking for security, storing and providing development teams with secure artifacts in maven, pypi, deb, rpm, gem, npm, nuget formats, to which php, go, dart will be added in the near future and docker.

Idea creation of a Russian open source software repository was first heard in September 2021 from Prime Minister Mikhail Mishustin. In October 2022, the Russian Foundation for the Development of Information Technologies (RFRIT) announced its involvement in the project (this is enshrined in a government decree).

The experiment to create a repository began on March 21, 2023 and will end in Q2 2024. For this purpose, the Ministry of Digital Development suggested that 1.3 billion rubles from the Rosinfokominvest fund. The recipient of these funds will be RFRIT, which will then transfer them to ANO Open Source (among the founders are VK, Rostelecom, Innopolis University, T1 group and other organizations). At the same time, the ANO will form the terms of reference for the creation of the repository.



Source link

www.securitylab.ru

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular