DevSecOps - Vom Unikum zur gut geölten Maschine

December 08, 2021

100

DevSecOps - Vom Unikum zur gut geölten Maschine

Nicolas Byl

December 08, 2021

Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl

Platform Engineering ❤️ Developer Experience

0

13

Die Flucht aus der Prototypen-Hölle

0

43

Lean Prototyping for Industrial-IoT Projects

0

44

Securing your software supply chain

0

370

Keeping-Up-WithUpstream.pdf

0

160

Dr. Kube und der Helm - Anatomie einer CD-Pipeline

0

120

Securing the "other" supply chain

0

270

Kubernetes - Auf die Cluster, Fertig, Los!

0

190

Helm - Kubernetes Deployments richtig gemacht

0

130

Other Decks in Technology

See All in Technology

AI連携の新常識！話題のMCPをはじめて学ぶ！

0

180

猫でもわかるAmazon Q Developer CLI 解体新書

1

300

Raycast AI APIを使ってちょっと便利なAI拡張機能を作ってみた

0

240

ざっくり学ぶ『エンジニアリングリーダー技術組織を育てるリーダーシップとセルフマネジメント』 / 50 minute Engineering Leader

8

4.3k

現場の壁を乗り越えて、「計装注入」が拓くオブザーバビリティ / Beyond the Field Barriers: Instrumentation Injection and the Future of Observability

PRO

1

890

NOT A HOTEL SOFTWARE DECK (2025/11/06)

0

2.1k

Digitization部紹介資料

PRO

1

5.8k

マルチエージェントのチームビルディング_2025-10-25

0

250

Open Table Format (OTF) が必要になった背景とその機能 (2025.10.28)

3

620

組織全員で向き合うAI Readyなデータ利活用

5

2.1k

AI時代の発信活動～技術者として認知してもらうための発信法～ / 20251028 Masaki Okuda

PRO

1

140

短期間でRAGシステムを実現　お客様と歩んだ生成AI内製化への道のり

1

170

Featured

See All Featured

Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure

48

9.7k

Learning to Love Humans: Emotional Interface Design

274

41k

Music & Morning Musume

46

6.9k

Faster Mobile Websites

310

31k

A Tale of Four Properties

161

23k

GraphQLとの向き合い方2022年版

49

14k

I Don’t Have Time: Getting Over the Fear to Launch Your Podcast

34

2.5k

30

1.3k

How to train your dragon (web standard)

97

6.3k

10 Git Anti Patterns You Should be Aware of

PRO

658

61k

Git: the NoSQL Database

PRO

431

66k

The Pragmatic Product Professional

36

7k

Transcript

1 NICOLAS BYL DEVSECOPS VOM UNIKUM ZUR GUT GEÖLTEN MASCHINE
2 INTRODUCTION
3 THE DEVSECOPS CYCLE
4 THE CASTLE ILLUSION
5 THE DEVSECOPS CYCLE
6 THE DEVSECOPS CYCLE
7 SECURE ARCHITECTURE
8 THREAT MODELLING
9 COMPLIANCE
10 PENTESTS
11 THE DEVSECOPS CYCLE
12 DESIGN PATTERNS
13 PRE-COMMIT HOOKS
14 CODE REVIEWS
15 COMMIT SIGNING
16 THE DEVSECOPS CYCLE
17 THE DEPENDENCY ICEBERG
18 AUTOMATION IS KING SOURCE CODE ANALYSIS • FindBugs •
SonarQube • SAST • DAST SOURCE CODE ANALYSIS DEPENDENCY ANALYSIS • Maven, npm, ... • Container Images • Operating System Packages UPDATE AUTOMATION • npm audit • Dependabot • Renovate
19 THE DEVSECOPS CYCLE
20 POLICY OVER CHECKLISTS
21 THE KEY TO THE KINGDOM
22 ZERO-TRUST DEPLOYMENT
23 ROLLER COASTER PASSWORDS
24 INVENTORY SCANS
25 FIRE DRILLS & CHAOS ENGINEERING
26 HOW TO GET IN TOUCH [email protected] @ClusterBauer https://www.nexineer.io/career/ WE
ARE ALWAYS LOOKING FOR GREAT COLLEAGUES…
27 PATCHING Sicheres Artefakt Artefakt mit bekannter Schwachstelle Scanning Patching