Rostelecom: RTK-Phoenix

RTK-Phoenix is a secure repository that is a comprehensive solution for verifying open source packages, libraries and storing them. Heart product - a subsystem for monitoring code security according to its own methods SOC "," Rostelecom including the most current version Solar AppScreener and other market tools. information security Russia The subsystem concludes that it is possible or impossible to use packages and libraries based on the results of their verification. ON additionally checks all children, that is, transitive open-source dependencies.

2023: Creation of a trusted repository "RTK-Phoenix"

On June 23, 2023, Rostelecom informed TAdviser about the creation of a trusted RTK-Phoenix repository, which is checked for the security of open source packages and libraries used in software development.

Rostelecom has created a secure open-source library repository

Recently, the number cyber attacks of web resources state agencies RUSSIAN FEDERATION and domestic companies has been growing. This is most often due to vulnerabilities enterprise applications and services of its own design, as well as ON open use, source code the use of which is becoming less and less secure. Open Source It often includes harmful opportunities that can not only worsen the work of software, but also provoke, personal data leaks disrupt the work of sites, and so on. RTK-Phoenix was created to reduce these cyber risks.

The repository works in online and offline modes and supports the functionality of checking for security, storing and providing teams with secure artifacts in maven, pypi, deb, rpm, gem, npm, nuget formats, to which php, go, dart and docker will be added in the near future.

The secure repository was created for use within the company, but given the need for such functionality for all software developers in Russia, we decided to bring RTK-Phoenix into the external circuit. I would also like to note the presence of functions special for the information security market in the product, such as checking all dependencies of the open-source libraries used. In addition, when moving to work with our repository, it will not be necessary to make changes to the current development processes, said Kirill Menshov, Senior Vice President for Information Technology at Rostelecom.

{{quote 'author = noted by Igor Lyapunov, General Director of Rostelecom-Solar LLC.|Creating a secure repository has become a logical continuation of our ecosystem of products introduced into secure development processes. The synergy of static, dynamic and component analyses allows our customers to effectively solve business problems using only proven applications. We offer the market not just technology, but a comprehensive ecosystem solution that will independently detect all third-party components, both open source and binary, }}