公开(公告)号：US20240232354A9

公开(公告)日：2024-07-11

申请号：US18317471

申请日：2023-05-15

Applicant: Cisco Technology, Inc.

Inventor： Alexei Kravtsov ,  Giovanni Conte ,  Hendrikus G. P. Bosch

IPC: G06F21/56 ,  G06F21/57

CPC classification number: G06F21/566 ,  G06F21/577 ,  G06F2221/033

Abstract: In one embodiment, a method includes generating an application programming interface (API) definition by observing traffic. The API definition is associated with an API definition name and an API specification. The method also includes mounting the API definition with an application and deploying the application by a Continuous Integration/Continuous Delivery (CI/CD) pipeline. The method further includes implementing a runtime API and mapping the runtime API to the API definition.

公开(公告)号：US20230353593A1

公开(公告)日：2023-11-02

申请号：US18349348

申请日：2023-07-10

Applicant: Cisco Technology, Inc.

Inventor： Alexei Kravtsov ,  Idan Frimark ,  Erez Fishhimer

IPC: H04L9/40

CPC classification number: H04L63/1433 ,  H04L63/0263 ,  H04L63/105 ,  H04L63/1408 ,  H04L63/205

Abstract: In one embodiment, a method includes generating, by a pod deployment tool, a security context profile, associating, by the pod deployment tool, the security context profile with a deployment rule, and associating, by the pod deployment tool, a vulnerability level with the deployment rule. The method also includes identifying, by the pod deployment tool, pod policies associated with a pod located within a cluster of a network and analyzing, by the pod deployment tool, conditions of the deployment rule using the pod policies. The conditions may be associated with the security context profile and the vulnerability level. The method further includes determining, by the pod deployment tool, whether to allow deployment of the pod within the network in response to analyzing the conditions of the deployment rule.

公开(公告)号：US20240134979A1

公开(公告)日：2024-04-25

申请号：US18317471

申请日：2023-05-14

Applicant: Cisco Technology, Inc.

Inventor： Alexei Kravtsov ,  Giovanni Conte ,  Hendrikus G. P. Bosch

IPC: G06F21/56 ,  G06F21/57

CPC classification number: G06F21/566 ,  G06F21/577 ,  G06F2221/033

Abstract: In one embodiment, a method includes generating an application programming interface (API) definition by observing traffic. The API definition is associated with an API definition name and an API specification. The method also includes mounting the API definition with an application and deploying the application by a Continuous Integration/Continuous Delivery (CI/CD) pipeline. The method further includes implementing a runtime API and mapping the runtime API to the API definition.

公开(公告)号：US11822672B1

公开(公告)日：2023-11-21

申请号：US17335937

申请日：2021-06-01

Applicant: Cisco Technology, Inc.

Inventor： Alexei Kravtsov ,  Idan Frimark ,  Erez Fishhimer

IPC: G06F21/57 ,  G06F21/56 ,  G06F21/55 ,  G06F21/53 ,  H04L9/40

CPC classification number: G06F21/577 ,  G06F21/53 ,  G06F21/554 ,  G06F21/566 ,  H04L63/1433

Abstract: In one embodiment, a method includes extracting, by a vulnerability scanning tool, a plurality of images from one or more pods running within a cluster. The method also includes determining, by the vulnerability scanning tool, a plurality of unique images from the plurality of images, scanning, by the vulnerability scanning tool, the plurality of unique images in parallel, and detecting, by the vulnerability scanning tool, one or more vulnerabilities within the plurality of unique images in response to scanning the plurality of unique images in parallel. The method further includes determining, by the vulnerability scanning tool, a vulnerability level associated with a pod of the one or more pods and assigning, by the vulnerability scanning tool, the vulnerability level to the pod.

公开(公告)号：US11700274B1

公开(公告)日：2023-07-11

申请号：US17335848

申请日：2021-06-01

Applicant: Cisco Technology, Inc.

Inventor： Alexei Kravtsov ,  Idan Frimark ,  Erez Fishhimer

IPC: H04L9/40

CPC classification number: H04L63/1433 ,  H04L63/0263 ,  H04L63/105 ,  H04L63/1408 ,  H04L63/205

Abstract: In one embodiment, a method includes generating, by a pod deployment tool, a security context profile, associating, by the pod deployment tool, the security context profile with a deployment rule, and associating, by the pod deployment tool, a vulnerability level with the deployment rule. The method also includes identifying, by the pod deployment tool, pod policies associated with a pod located within a cluster of a network and analyzing, by the pod deployment tool, conditions of the deployment rule using the pod policies. The conditions may be associated with the security context profile and the vulnerability level. The method further includes determining, by the pod deployment tool, whether to allow deployment of the pod within the network in response to analyzing the conditions of the deployment rule.