Upgrade to Pro — share decks privately, control downloads, hide ads and more …

OMGDEVSECOPSBBQ

Coté
PRO
April 27, 2022
Technology
0
11

 OMGDEVSECOPSBBQ

What is DevSecOps?

A brief introduction SpringOne Tour Chicago.

Coté
PRO

April 27, 2022
Tweet

More Decks by Coté

See All by Coté
We Fear Change
cote
PRO
0
13
Escaping the Legacy Trap
cote
PRO
0
40
What is Tanzu? Why is Tanzu? - Deliver Cloud Native Apps Faster With VMware Tanzu Platform [VBT2074BCN]
cote
PRO
0
5
Enterprise AI for platform engineers - Building a Foundation For Enterprise AI Innovation — A VMware Tanzu Platform Story [TANB1464BCN]
cote
PRO
0
4
The Platform Contract - Developing More Robust Applications With Platform Contracts [TANB1835BCN]
cote
PRO
0
9
Developer Productivity is Waste
cote
PRO
1
120
Low Growth DevOps
cote
PRO
0
43
Developer Productivity is Waste
cote
PRO
0
190
Developer Productivity (is?) Waste - Preparing for the next wave of DevX mania.
cote
PRO
0
180

Other Decks in Technology

See All in Technology
テストコード品質を高めるためにMutation Testingライブラリ・Strykerを実戦導入してみた話
ysknsid25
7
2.6k
【Pycon mini 東海 2024】Google Colaboratoryで試すVLM
kazuhitotakahashi
2
500
【令和最新版】AWS Direct Connectと愉快なGWたちのおさらい
minorun365
PRO
5
750
エンジニア人生の拡張性を高める 「探索型キャリア設計」の提案
tenshoku_draft
1
120
VideoMamba: State Space Model for Efficient Video Understanding
chou500
0
190
OCI Security サービス 概要
oracle4engineer
PRO
0
6.5k
iOSチームとAndroidチームでブランチ運用が違ったので整理してます
sansantech
PRO
0
130
Incident Response Practices: Waroom's Features and Future Challenges
rrreeeyyy
0
160
20241120_JAWS_東京_ランチタイムLT#17_AWS認定全冠の先へ
tsumita
2
250
ドメイン名の終活について - JPAAWG 7th -
mikit
33
20k
Platform Engineering for Software Developers and Architects
syntasso
1
520
Can We Measure Developer Productivity?
ewolff
1
150

Featured

See All Featured
Building Better People: How to give real-time feedback that sticks.
wjessup
364
19k
Visualization
eitanlees
145
15k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
665
120k
Git: the NoSQL Database
bkeepers
PRO
427
64k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.2k
Reflections from 52 weeks, 52 projects
jeffersonlam
346
20k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
The Pragmatic Product Professional
lauravandoore
31
6.3k
How to Ace a Technical Interview
jacobian
276
23k
A Philosophy of Restraint
colly
203
16k
Fireside Chat
paigeccino
34
3k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k

Transcript

  1. Confidential │ ©2022 VMware, Inc. OMGDEVSECOPSBBQ @cote VMWare Tanzu

  2. Confidential │ ©2022 VMware, Inc. Confidential │ ©2022 VMware, Inc.

    52% 70% 49% 29% 24% 46% 65% 43% 25% 18% 59% 52% 38% 30% 16% 14% 5% Meeting Security & Compliance Requirements Inadequate Internal Experience & Expertise Difficult to Integrate With Current Infrastructure Insufficient Documentation No Clear Ownership Lack of App Mobility No Challenges What challenges has your organization encountered in DEPLOYING Kubernetes? Choose all that apply. 2020 2021 2022 Source: State of Kubernetes 2022, VMware Tanzu. @cote

  3. Confidential │ ©2022 VMware, Inc. Confidential │ ©2022 VMware, Inc.

    Secure Software Supply Chain Shift Left (Culture) Security as a Product Confidential │ ©2022 VMware, Inc.

  4. Confidential │ ©2022 VMware, Inc. 4 A simple supply chain

  5. Confidential │ ©2022 VMware, Inc. 5 Supply Chain Attacks

  6. Confidential │ ©2022 VMware, Inc. Confidential │ ©2022 VMware, Inc.

    Shift Left means increasing collaboration between development & security PEOPLE

  7. Confidential │ ©2022 VMware, Inc. Confidential │ ©2022 VMware, Inc.

    A product mind-set meets the organization’s goals by learning & adapting frequently

  8. Confidential │ ©2022 VMware, Inc. 8 Security as a Platform

    – Guardrails, Templates, Desire Paths Tanzu Application Platform Catalogs Services Provisioning and Binding API Portal App and Workflows Accelerators App Live View Tanzu CLI and IDE Plugins Dev Tooling UI Plugins Self-hosted / SaaS Developer Productivity Tools Pipeline Service Build Service Convention Service Security Tools App Delivery Supply Chain Choreography Knative Runtime K8s Jobs Batch Runtime Streaming Runtime Cloud Native Runtimes Tanzu Kubernetes Grid / Any conformant K8s cluster Hybrid Cloud Public Cloud Edge Sources: VMware Tanzu Application Platform; “The Adaptive Enterprise: Can Your Application Platform Cope with a Crisis?” Forrester, et. al., Jan 2022. Tanzu Labs Services Tanzu Mission Control Tanzu Observability Tanzu Service Mesh

  9. Confidential │ ©2022 VMware, Inc. Confidential │ ©2022 VMware, Inc.

    Sources: US “Department of Defense Enterprise DevSecOps Reference Design: Multi-Cluster CNC F Kubernetes,” Sep, 2021. Also, see Tracy Miranda's DevOps Loop 2022 talk, "Blueprint for Secure OSS Supply Chains." If the US Army can secure it, you can too

  10. Confidential │ ©2022 VMware, Inc. 10 Coté @cote | http://cote.io

    | [email protected]