How can I validate that the objects used by BuildForge match specified certificates?
Hi all,
Our organization currently has control of source code and objects through (RTC). We have created a Build Forge project that connects to (RTC) to extract the objects needed for deployment. The security department has a need to validate that the objects used in the deployment are equal to the certificates. How can I do this? What techniques are used by businesses that use Build Forge and (RTC) to meet the needs of the security department?
Thanks in advance
3 answers
Hi Spencer,
To give a more specific example: We have two streams in RTC, Quality and Pre-production, this is the setting of the streams:
Stream Quality
Components(Source)
Components(Object)
Stream Pre-production
Components(Source)
Components(Object)
The Quality Team downloads the object(s) to certify from the Quality stream. Then they begin the quality test to verify that the objects operate according to the request. When these objects are certified, the changeset from the Quality stream is transferred to the Pre-Production stream through (RTC). The security team downloads the objects in the Pre-Production stream and verifies that there is no change in the objects. The manual way to do this is to verify the date and time of modification of all the objects, but this date and time is changed by RTC when the object is downloaded and can't be used. So, how can we validate bit for bit that an (ABC.DLL) object in the Quality stream is equal to another (ABC.DLL) object in the Pre-Production stream? That is my question...
I see now, but I don't know if it is possible to do what you describe in RTC. It would have to be an SCM command of some kind to compare the objects and I don't know that such a command exists. The closest thing I think would probably be comparing the checksum of the two class files, but that wouldn't be totally bulletproof.
Comments
Spencer Murata
FORUM MODERATOR / JAZZ DEVELOPER Jul 02 '12, 4:37 p.m.
I'm not quite sure I understand. Are you saying you want to confirm that the object getting loaded from Jazz into Build Forge is the correct object? Would the SSL connection between RTC and BF be enough for that situation? I'm not sure exactly how else you would confirm that the object deployed is the same object in Jazz. The SSL connection would ensure that you are loading from the correct server, but I don't know how you would get granular enough to confirm the object is the same.
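The checksum comparison raised in this thread, as an added example that is not part of the original posts and is not an RTC or Build Forge command: it hashes every file in two locally loaded directory trees with SHA-256 and reports files whose content differs, ignoring timestamps. The directory names and the sample files are constructed for illustration; it assumes both streams have already been loaded to disk.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's path relative to root to its SHA-256 digest.
    Timestamps are ignored on purpose: only file content is compared."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_manifests(certified, candidate):
    """Return files that are missing, unexpected, or changed in candidate."""
    return {
        "missing": sorted(set(certified) - set(candidate)),
        "unexpected": sorted(set(candidate) - set(certified)),
        "changed": sorted(n for n in certified.keys() & candidate.keys()
                          if certified[n] != candidate[n]),
    }


def demo():
    """Constructed sample: two temporary directories standing in for the loads."""
    with tempfile.TemporaryDirectory() as tmp:
        quality, preprod = Path(tmp, "quality"), Path(tmp, "preprod")
        for d in (quality, preprod):
            (d / "bin").mkdir(parents=True)
        (quality / "bin" / "ABC.DLL").write_bytes(b"MZ\x90\x00certified build")
        (preprod / "bin" / "ABC.DLL").write_bytes(b"MZ\x90\x00certified build")
        (quality / "bin" / "XYZ.DLL").write_bytes(b"MZ\x90\x00version 1")
        (preprod / "bin" / "XYZ.DLL").write_bytes(b"MZ\x90\x00version 2")  # content differs
        (preprod / "extra.cfg").write_bytes(b"not in the certified set")
        return compare_manifests(build_manifest(quality), build_manifest(preprod))


if __name__ == "__main__":
    print(demo())
```

An empty result in all three lists means the two trees are byte-for-byte identical in content; this shows the copies match each other, not who produced them.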