| CPC G06F 21/577 (2013.01) [G06F 2221/033 (2013.01)] | 20 Claims |

1. An apparatus comprising:
a memory configured to store:
a plurality of pre-trained code changes;
a plurality of threats associated to the plurality of pre-trained code changes;
a plurality of weights associated to the plurality of threats;
a release number threshold; and
a threat confidence threshold; and
a processor communicatively coupled to the memory, wherein the processor is configured to:
receive application inventory for each of a plurality of versions of an application code, wherein the plurality of versions of the application code include an original version of the application code, a current version of the application code, and a new version of the application code and wherein the application inventory includes a code change between the current version of the application code and the new version of the application code;
determine a plurality of correlations for the application code based at least on the received application inventories associated with each version of the plurality of versions of the application code, wherein the correlations include an inventory for an original version of the application code and a threat level associated with the original version of the application code;
receive a plurality of code changes associated with the new version of the application code;
determine a plurality of new potential threats for the new version of the application code based at least on the plurality of code changes and the plurality of pre-trained code changes, wherein the plurality of pre-trained code changes includes the plurality of correlations for the application code;
determine a new potential threat score based on the plurality of new potential threats of the new version of the application code and a current potential threat score of a current version of the application code;
determine a plurality of new pre-determined threats for the new version of the application code based on a self-service threat model of the new version of the application code;
determine a new pre-determined threat score based on the plurality of new pre-determined threats of the new version of the application code and a current pre-determined threat score of the current version of the application code;
determine a threat confidence level based on the new potential threat score and the new pre-determined threat score;
determine a number of releases since a latest threat model creation and review;
compare the number of releases to the release number threshold;
in response to the number of releases being greater than or equal to the release number threshold, compare the threat confidence level to the threat confidence threshold; and
in response to the threat confidence level being less than the threat confidence threshold, send a notification that a threat model creation and review are needed before deploying the new version of the application code.