DevSecOps - Vom Unikum zur gut geölten Maschine

Nicolas Byl

December 08, 2021

Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl

Platform Engineering ❤️ Developer Experience

0

29

Die Flucht aus der Prototypen-Hölle

0

48

Lean Prototyping for Industrial-IoT Projects

0

67

Securing your software supply chain

0

380

Keeping-Up-WithUpstream.pdf

0

170

Dr. Kube und der Helm - Anatomie einer CD-Pipeline

0

140

Securing the "other" supply chain

0

290

Kubernetes - Auf die Cluster, Fertig, Los!

0

200

Helm - Kubernetes Deployments richtig gemacht

0

140

Other Decks in Technology

See All in Technology

生成AIを活用した音声文字起こしシステムの2つの構築パターンについて

PRO

3

220

Cloud Runでコロプラが挑む生成AI×ゲーム『神魔狩りのツクヨミ』の裏側

0

140

制約が導く迷わない設計〜信頼性と運用性を両立するマイナンバー管理システムの実践〜

3

1k

22nd ACRi Webinar - NTT Kawahara-san's slide

0

100

30万人の同時アクセスに耐えたい！新サービスの盤石なリリースを支える負荷試験 / SRE Kaigi 2026

4

1.4k

SREじゃなかった僕らがenablingを通じて「SRE実践者」になるまでのリアル / SRE Kaigi 2026

6

2.6k

【Ubie】AIを活用した広告アセット「爆速」生成事例 | AI_Ops_Community_Vol.2

1

120

AIエージェントを開発しよう！-AgentCore活用の勘所-

0

190

Cosmos World Foundation Model Platform for Physical AI

0

980

ClickHouseはどのように大規模データを活用したAIエージェントを全社展開しているのか

0

270

顧客との商談議事録をみんなで読んで顧客解像度を上げよう

0

320

SchooでVue.js/Nuxtを技術選定している理由

3

210

Featured

See All Featured

How to train your dragon (web standard)

97

6.5k

Into the Great Unknown - MozCon

40

2.3k

0

450

Collaborative Software Design: How to facilitate domain modelling decisions

0

140

It's Worth the Effort

188

29k

The Limits of Empathy - UXLibs8

1

220

How To Stay Up To Date on Web Technology

791

250k

エンジニアに許された特別な時間の終わり

106

230k

AI: The stuff that nobody shows you

PRO

2

270

AI Search: Where Are We & What Can We Do About It?

0

7k

Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline

PRO

0

110

The State of eCommerce SEO: How to Win in Today's Products SERPs - #SEOweek

2

9.6k

Transcript

1 NICOLAS BYL DEVSECOPS VOM UNIKUM ZUR GUT GEÖLTEN MASCHINE
2 INTRODUCTION
3 THE DEVSECOPS CYCLE
4 THE CASTLE ILLUSION
5 THE DEVSECOPS CYCLE
6 THE DEVSECOPS CYCLE
7 SECURE ARCHITECTURE
8 THREAT MODELLING
9 COMPLIANCE
10 PENTESTS
11 THE DEVSECOPS CYCLE
12 DESIGN PATTERNS
13 PRE-COMMIT HOOKS
14 CODE REVIEWS
15 COMMIT SIGNING
16 THE DEVSECOPS CYCLE
17 THE DEPENDENCY ICEBERG
18 AUTOMATION IS KING SOURCE CODE ANALYSIS • FindBugs •
SonarQube • SAST • DAST SOURCE CODE ANALYSIS DEPENDENCY ANALYSIS • Maven, npm, ... • Container Images • Operating System Packages UPDATE AUTOMATION • npm audit • Dependabot • Renovate
19 THE DEVSECOPS CYCLE
20 POLICY OVER CHECKLISTS
21 THE KEY TO THE KINGDOM
22 ZERO-TRUST DEPLOYMENT
23 ROLLER COASTER PASSWORDS
24 INVENTORY SCANS
25 FIRE DRILLS & CHAOS ENGINEERING
26 HOW TO GET IN TOUCH [email protected] @ClusterBauer https://www.nexineer.io/career/ WE
ARE ALWAYS LOOKING FOR GREAT COLLEAGUES…
27 PATCHING Sicheres Artefakt Artefakt mit bekannter Schwachstelle Scanning Patching