WIND RIVER STUDIO: DEVELOP

Security

Wind River Studio provides a secure development environment with workflows that help accelerate the creation of innovative and secure embedded products.

A secure software factory frees developers to focus on innovation while ensuring that your company’s intellectual property is protected from external and internal threats.

Wind River® Studio leverages multiple security technologies, including role-based access control, secure account management, information and event logging, and secrets management to secure your development environment. Studio provides developers a protected environment to build secure runtime images and applications.

Automated container security scanning

Wind River employs automated container security scanning tools to protect against vulnerabilities in Studio containers. Using tools such as Trivy and Docker Bench for security allows us to identify CVEs in OS packages and containerized services early in our software development process and address them before they reach a customer environment.

Secure vault for centralized secrets management

Studio uses Vault, a tool provided by HashiCorp, for securely managing all secrets across the platform, including API keys, passwords, and certificates. Key/value pairs are encrypted prior to storage, adding an extra layer of security for data at rest.

Resources

Wind River Studio Security FAQs
What is software provenance?
Software provenance provides a chronology of the origin, development, ownership, location, and changes to an open source software component. There are often multiple sources of a component available to a developer for download. Applying software provenance best practices confirms that you are using the expected origin of the component and allows users to trace artifacts verifiably back to the source.
Can Studio be used for on-premises and cloud-based development?
Yes, developers can use Studio both on-premises and in the cloud. In some high-security or classified software projects, developers are mandated to build their products in a company-controlled environment. Regardless of where development takes place, the security objectives of Studio are consistent.
What is meant by secure in design vs. secure by design?
“Secure by design” is enabled by Studio products and the security features integrated within. This is the “what” that Wind River brings to the customer. These features should always enable the customer to be “secure by default” when they are used. “Secure in design” is realized by the customer when they integrate the security features of Wind River products to provide a layered set of defenses implemented in their offerings. This is “how” the customer applies these security features from Studio and delivers them in their products.