Software Vulnerability Management in Cloud
Flexera, United States
Software Vulnerability Management (SVM) is one of the product offerings at Flexera that helps its enterprise customers build software with reduced security risk. It is offered as a Cloud Edition and an On-Premise Edition. Using this solution, companies assess, prioritize and fix vulnerabilities in their codebases before the risk starts increasing. Both the Cloud and On-Premise editions of SVM are available to customers with built-in modules for:
Initial configuration to set up the account, account directories, password policies and disk partitions.
Code scanning using either an installable agent or a remote scan with the Cloud Edition.
Assessment of Vulnerability Priorities
Patching via Vendor Patch Module
Policy Manager to configure internal Compliance Policy Rules to associate with customer account
Extensive Reporting with Dashboards for threat intelligence and maintenance.
Apache Solr Cloud
Micro Services Design and Implementation
Enterprise customers should be able to use the Cloud Edition of the SVM product, perform scanning and get actionable reports.
To access the Cloud Edition of SVM, there should be mechanisms in place for target hosts to be authenticated for remote scanning in an agent-less manner.
The SVM product should be able to send requests to the internal services and get information on the various open source software components: their digest files, versions, licenses and vulnerabilities.
Design and implement microservices to handle client requests from within the SVM product.
Achieve fast response time to code scanning queries.
De-normalized the data from SQL databases and tokenized it into documents that could be searched using Apache Solr.
Worked on configuration, setup and generation of Solr indexes for open source software components and their metadata. This helped achieve fast search capabilities over millions of documents in the collections.
Developed Node.js-based services for authentication and querying so they could serve as an entry point for customers to leverage the Vulnerability Management solution.
Achieved service discovery and registration on AWS cloud using Eureka, the open source library from Netflix, and deployed Eureka servers on AWS EC2 machines.
Created Docker images and leveraged Docker containers to run microservices on a limited number of EC2 machines to reduce the hardware and deployment cost.
Implemented load balancing strategies with the use of proxy services.
Extensively used AWS for deployments, the CodeCommit source control service to push and collaborate on code, CloudWatch for service monitoring, Amazon S3 and EBS
Prototyped Solr infrastructure using SolrCloud.
Collaborated remotely with teams based out of San Francisco during the development and maintenance of the cloud infrastructure.
This solution was successfully developed and deployed on the cloud.
The solution turned out to be cost effective, since multiple services could run inside Docker containers on a single EC2 machine and the testing did not need dedicated EC2 instances either.
The company was able to offer the SVM product as a cloud offering to its enterprise customers.
The team had 3 Engineers, 1 Engineering Manager and 1 Product Manager based out of the San Francisco Bay Area.