Harbormaster Integrated Security & Compliance
Security and compliance are crucial, and the best place to address both is at the start. Harbormaster ensures the projects it generates use the latest secure dependencies.
Synopsis
A software project naturally has external libraries it depends upon. Within the Harbormaster architecture, these dependencies are defined in the build process contained in a tech stack.
For instance, an Angular tech stack draws upon third-party NPM packages to help the resulting application accomplish its tasks. These libraries are application dependencies and therefore introduce the possibility of vulnerabilities and compliance violations.
A Period Of Risk

Our Solution

Unlike any other platform that produces application code, Harbormaster is based on reusable, model-driven, templatized reference applications (tech stack packages). To maximize the security of any application resulting from Harbormaster Project Generation, each tech stack published to the platform is checked weekly. Checking a tech stack involves generating a project using a generic model, CircleCI as the CI/CD platform, an appropriate Dockerfile, and JFrog. JFrog matters because JFrog Artifactory serves both as the source of application dependencies and as the repository for storing the resulting Docker image, and JFrog Xray is used to scan the Docker image content for high-level security vulnerabilities and violations.

If any are discovered, the tech stack author (e.g. devteam@harbormaster.ai, john.doe@acme.org, etc.) is notified via email with the report provided by JFrog. Importantly, the Harbormaster Platform also notifies the creator of every prior project generated with that tech stack.
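The weekly check described above, as an added example CircleCI configuration rather than Harbormaster's own: it builds the generated project's Docker image, pushes it to Artifactory, and gates the job on a JFrog Xray build scan. The repository, image, build and context names and the `JF_URL`/`JF_ACCESS_TOKEN` variables are assumptions.

```yaml
# Added example, not Harbormaster's configuration. Assumes the JFrog CLI v2
# commands shown and that JF_URL / JF_ACCESS_TOKEN are stored in a CircleCI
# context; repository, image and build names are placeholders.
version: 2.1

jobs:
  build-scan-techstack:
    docker:
      - image: cimg/base:stable
    environment:
      JF_DOCKER_REPO: docker-local                    # assumed Artifactory Docker repo
      IMAGE: acme.jfrog.io/docker-local/techstack-check   # assumed image name
    steps:
      - checkout
      - setup_remote_docker
      - run:
          name: Install JFrog CLI
          command: curl -fL https://install-cli.jfrog.io | sh
      - run:
          name: Configure the Artifactory/Xray server
          command: >
            jf config add harbormaster --url="$JF_URL"
            --access-token="$JF_ACCESS_TOKEN" --interactive=false
      - run:
          name: Build the image from the generated project's Dockerfile
          command: docker build -t "$IMAGE:$CIRCLE_BUILD_NUM" .
      - run:
          name: Push the image and collect build-info
          command: >
            jf docker push "$IMAGE:$CIRCLE_BUILD_NUM" "$JF_DOCKER_REPO"
            --build-name=techstack-weekly --build-number="$CIRCLE_BUILD_NUM"
      - run:
          name: Publish build-info to Artifactory
          command: jf rt build-publish techstack-weekly "$CIRCLE_BUILD_NUM"
      - run:
          name: Xray build scan, fails the job when a watch flags a violation
          command: jf build-scan techstack-weekly "$CIRCLE_BUILD_NUM" --fail=true

workflows:
  weekly-techstack-check:
    triggers:
      - schedule:
          cron: "0 6 * * 1"   # every Monday, 06:00 UTC
          filters:
            branches:
              only: main
    jobs:
      - build-scan-techstack:
          context: jfrog-credentials
```

The scan step only fails if an Xray watch and policy cover the build; the email to the tech stack author and prior project creators is sent by the platform from the resulting report, not by this job.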