Software risk control method and system for software development

摘要

A computer system, method, or computer readable medium controls potentially unacceptable software components (215, 231) directed to the software repository (227). A predefined application or repository policy (223, 225A, 225B) associated with the repository or application predefines the risks (217, 219) and the actions to be taken for each risk. An action can be a pass action or a pass action, and is a predefined program step defined in a policy. If the component (215) is not new to the repository (227) or application, the component passes for normal processing. If the component (231) is new, the risk that matches the software component (231) is determined, and the matching risk is defined in the predefined policy (223, 225A, 225B). , The action is done. The passing action may include adding a software component (231) to the software repository (227). Actions that do not pass are performed for components that do not pass because they are potentially unacceptable software components.