New Security Features in DevNet Automation Exchange

The DevNet Automation Exchange platform gathers shared code repositories related to Cisco and open source technologies for domains in security, networking, cloud, IoT, collaboration, mobility, and data center. Use cases on the exchange cover scenarios for automation, monitoring, telemetry, and network automation. Our Exchange management team does its best to check security metrics and vulnerabilities in all submissions before delivering code to the community. We are on the way to merging our two platforms, Code Exchange and Automation Exchange.

Security tools in DevNet Automation Exchange

“Shift left security” means enabling developers to address security concerns earlier in the development process. To facilitate this shift, we have integrated two additional security features into the Exchange submission process – Scorecard and KubeClarity.

• Scorecard – Security health metrics maintained by the Open Source Security Foundation. The scorecard analyzes topics issues such as dependencies, license files, contributors, code-review, CI-tests, and security p As a result, you get a score for each case, reason, and related link.

Scorecard security health metrics

• KubeClarity is an open source tool for detecting and managing Software Bill Of Materials (SBOM) as well as container images and filesystems vulnerabilities.

KubeClarity vulnerability report

Now, these tools are integrated into the submission workflow.  Once we have evaluated a new use case submission, we send all analytics and security reports to the submitter.

For Exchange submitters this automation can help make their applications more secure.

For Exchange users (e.g., developers, DevOps, infrastructure engineers, partners, clients, Cisco SE’s) we can propose secure Exchange use cases that they can use independently in client infrastructure, or cloud, or as part of a larger project.

You can discover and search apps, projects, and code samples for your needs. As we together repo from the community, we also ask developers and engineers to submit their projects to the platform.

About Automation Exchange code space

Exchange Code Space is an interactive environment that you can open with your browser, edit source code, and deploy related code samples/run scripts.

How does it work? After you click the “try it out!” button, you will be redirected to the interactive environment. In this Code Space Dev environment, you can open and edit the repo’s source code besides deploying the app or running the script.

We are on the way to merging our two platforms, Code Exchange and Automation Exchange. For now, Code Space is supported for these code samples:

In code samples, we also add related credentials or API Keys to interact with DevNet Sandbox, and you can use it for demo purposes or paste other credentials. Just navigate to “deploy in Cisco Exchange dev environment” and deploy your app.

Next, in Code Space you can do:

• VS Code for editing and interaction with source code.
• Terminal with access to an environment with pre-installed Python, where you can run related commands.
• Exposing an External URL for access to the internal IP Address of an Application or service. Users can use it for interaction with App graphical interface, webhook service, and WebSockets.

Submit your repo… get these benefits

By submitting your repo to the DevNet Automation Exchange you can get these benefits:

• Verification of compliance with the basic Readme requirements
• Validate and test your prerequisites, installation, and usage instructions
• We test all repos using DevNet Sandbox, or using resources and workflow that you provide. Usually, we can test your repo on different operation systems
• We also look at your code and can suggest some improvements (when the qualifications and experience of our reviewers allow it)

We’d love to hear what you think. Ask a question or leave a comment below.
And stay connected with Cisco DevNet on social!

LinkedIn | Twitter @CiscoDevNet | Facebook | YouTube Channel

Share: