The CONSOLE Project, now in its second year, aims to enhance cybersecurity in software development by building a unified platform for secure code analysis and workflow automation. As of Month 15, the project has achieved significant milestones, including:
A Working Prototype: A web interface that allows users to manage projects and submit code for automated analysis.
Integration of 17 Code Analysis Tools: These tools address various security issues such as buffer overflows, SQL injection vulnerabilities, and outdated libraries.
Advanced Backend and Dashboard: The backend uses Docker containers to orchestrate tools while ensuring code privacy. A modern dashboard enables customisable visualisations of security insights.
Training Platform: Developers can enhance their secure coding skills through integrated training modules.
The project has undergone pilot testing, receiving valuable feedback that is shaping its evolution into a mature, developer-friendly product.
As part of the ongoing development, Cyberalytics Limited (CBRL) focuses on creating the GitHub Integration Component, a bridge between GitHub and the CONSOLE platform. This tool enhances automated workflows for code analysis, ensuring efficiency and usability for software developers.
Key Functionalities:
Trigger Response: Automatically responds to GitHub events, such as code pushes, to initiate security analysis.
File Management: Retrieves modified files from GitHub repositories for analysis.
API Interaction: Facilitates secure communication between GitHub and the CONSOLE gateway to create analysis jobs.
Standardised Processing: Packages retrieved code for consistent analysis across CONSOLE tools.
CBRL’s systematic approach includes:
Configuring API Keys: Ensuring secure authentication with GitHub and the CONSOLE gateway.
Setting Target Branches: Defining branches (e.g., main, develop) for automated analysis.
Implementation: Setting up a handler that processes GitHub events and packages code for analysis, and issuing on-demand requests to the GitHub API to retrieve the files to be analysed.
Testing Workflows: Establishing logging mechanisms and testing the analysis of new code pushes.
Progress so far includes completing API configurations and branch setup, with ongoing work to finalise event handling via Docker containers.
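The event-handling steps above can be sketched as follows. This is an added example, not CBRL's or the CONSOLE project's code. It assumes events arrive as GitHub webhooks signed with a shared secret (the X-Hub-Signature-256 header); the secret, function names and sample payload are constructed for illustration.

```python
import hashlib
import hmac
import json

# Hypothetical configuration; names and values are constructed for this example.
WEBHOOK_SECRET = b"constructed-example-secret"
TARGET_BRANCHES = {"main", "develop"}

def sign(secret: bytes, body: bytes) -> str:
    """Signature value GitHub places in the X-Hub-Signature-256 header."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()

def plan_analysis(event: str, body: bytes, signature: str):
    """Return an analysis job for a push to a target branch, else None."""
    # Authenticate the raw bytes before parsing; compare in constant time.
    if not hmac.compare_digest(sign(WEBHOOK_SECRET, body).encode(),
                               (signature or "").encode()):
        raise PermissionError("webhook signature mismatch")
    if event != "push":
        return None
    payload = json.loads(body)
    ref = payload.get("ref", "")
    if not ref.startswith("refs/heads/") or payload.get("deleted"):
        return None  # tag pushes and branch deletions carry no code to analyse
    branch = ref[len("refs/heads/"):]
    if branch not in TARGET_BRANCHES:
        return None
    files = set()
    for commit in payload.get("commits", []):  # assumed to be listed oldest first
        files.update(commit.get("added", []), commit.get("modified", []))
        files.difference_update(commit.get("removed", []))
    # Keep only repo-relative paths so packaging cannot escape its work directory.
    safe = sorted(p for p in files
                  if not p.startswith("/") and ".." not in p.split("/"))
    return {"repo": payload["repository"]["full_name"], "branch": branch,
            "commit": payload.get("after"), "files": safe}

if __name__ == "__main__":
    # Constructed sample push payload (not captured from a real repository).
    body = json.dumps({
        "ref": "refs/heads/develop", "after": "a" * 40,
        "repository": {"full_name": "example-org/example-repo"},
        "commits": [{"added": ["src/db.py"], "modified": [], "removed": []},
                    {"added": [], "modified": ["src/app.py"], "removed": ["src/db.py"]}],
    }).encode()
    print(plan_analysis("push", body, sign(WEBHOOK_SECRET, body)))
```

The returned file list is what the on-demand GitHub API requests would then fetch and package for the analysis tools.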
This work strengthens CBRL’s expertise in integration and automation for research and development platforms. By contributing to CONSOLE’s workflow automation, CBRL enhances its portfolio in delivering scalable integration solutions for complex systems, aligning with its commitment to advancing cybersecurity technologies.
CBRL will continue refining the GitHub Integration Component, with testing scheduled for early 2025. By collaborating closely with CONSOLE partners, CBRL is ensuring the integration supports seamless and secure workflows for developers, particularly start-ups and SMEs.