Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Keeping-Up-WithUpstream.pdf
Search
Nicolas Byl
September 06, 2019
Technology
0
150
Keeping-Up-WithUpstream.pdf
Nicolas Byl
September 06, 2019
Tweet
Share
More Decks by Nicolas Byl
See All by Nicolas Byl
Die Flucht aus der Prototypen-Hölle
nbyl
0
41
Lean Prototyping for Industrial-IoT Projects
nbyl
0
38
DevSecOps - Vom Unikum zur gut geölten Maschine
nbyl
0
92
Securing your software supply chain
nbyl
0
360
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
110
Securing the "other" supply chain
nbyl
0
250
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
170
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
120
It's the developers, stupid!
nbyl
0
180
Other Decks in Technology
See All in Technology
「手を動かした者だけが世界を変える」ソフトウェア開発だけではない開発者人生
onishi
15
7.6k
機械学習を「社会実装」するということ 2025年夏版 / Social Implementation of Machine Learning July 2025 Version
moepy_stats
1
1.4k
Railsの限界を超えろ!「家族アルバム みてね」の画像・動画の大規模アップロードを支えるアーキテクチャの変遷
ojima_h
4
520
なぜAI時代に 「イベント」を中心に考えるのか? / Why focus on "events" in the age of AI?
ytake
2
800
ファインディにおける Dataform ブランチ戦略
hiracky16
0
210
AIエージェントを支える設計
tkikuchi1002
11
2.3k
AI人生苦節10年で会得したAIがやること_人間がやること.pdf
shibuiwilliam
1
210
Expertise as a Service via MCP
yodakeisuke
1
160
Jitera Company Deck / JP
jitera
0
250
激動の時代、新卒エンジニアはAIツールにどう向き合うか。 [LayerX Bet AI Day Countdown LT Day1 ツールの選択]
tak848
0
610
AWS表彰プログラムとキャリアについて
naoki_0531
1
140
MCPに潜むセキュリティリスクを考えてみる
milix_m
1
870
Featured
See All Featured
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3.3k
A designer walks into a library…
pauljervisheath
207
24k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
126
53k
Statistics for Hackers
jakevdp
799
220k
Visualization
eitanlees
146
16k
Java REST API Framework Comparison - PWX 2021
mraible
31
8.7k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
53
2.9k
Large-scale JavaScript Application Architecture
addyosmani
512
110k
Done Done
chrislema
184
16k
The Cult of Friendly URLs
andyhume
79
6.5k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
331
22k
Building an army of robots
kneath
306
45k
Transcript
1 Nicolas Byl
2 This talk may contain fictional elements… 2 https://pxhere.com/de/photo/738184
3 Part 1 Marley’s Ghost 3 https://pxhere.com/de/photo/237
4 A few days ago, in our café… 4 https://pxhere.com/de/photo/39
5 Part 2 The ghost of DevSecOps past 5 https://pxhere.com/de/photo/237
6 At the backlog grooming… 6 https://pxhere.com/de/photo/1434201
7 “Our development environment is a production environment” 1 Management
and ownership needed for Build Server, Source Control, … Is there a pre-Dev environment? 2 3 7 7 https://pxhere.com/de/photo/1033572
8 Gathering metrics to support DevSecOps feedback loops 1 Understand
and customize metrics Action is required 2 3 8 8 https://pxhere.com/de/photo/893775
9 Part 2 The ghost of DevSecOps present 9 https://pxhere.com/de/photo/237
10 In the middle of the night… 1 0 https://pxhere.com/de/photo/1391800
11 Source Code Analysis FindBugs, SonarQube, SAST, DAST 1 Dependency
Analysis Maven, NPM, Pythin, Perl, … Operating Systems DEB, RPM, … Docker Images Anchore, clair, Aqua, snyk 2 3 4 11 1 1 https://pxhere.com/de/photo/6643025
12 Source Code Analysis FindBugs, SonarQube, SAST, DAST 1 Dependency
Analysis Maven, NPM, Pythin, Perl, … Operating Systems DEB, RPM, … Docker Images Anchore, clair, Aqua, snyk 2 3 4 12 1 2 https://pxhere.com/de/photo/893775
13 How do you notify independent teams of needed actions?
1 Separate signals from noise Consolidate update sources (GitHub / GitLab, Docker Hub, binary repositories, mailing lists, …) Internal vs. external dependencies 2 3 4 13 1 3 https://pxhere.com/de/photo/1565823
14 Prepare for failure… 1 4 https://pxhere.com/de/photo/1073983
15 GitOps as single source of truth (source code, delivery
code, infrastructure code) 1 Consider dynamic environments, record data for later analysis What was running at time X? Consider version pinning (library versions, Docker Image SHA sum) 2 3 4 15 1 5 https://pxhere.com/de/photo/137541
16 Part 3 The ghost of DevSecOps future 1 6
https://pxhere.com/de/photo/237
17 At dawn… 1 7 https://pxhere.com/de/photo/39
Avoid Tree-Ring-Projects Don’tnotify aboutupdates, provide them Keep an eye on
the current security statistics 18 https://pxhere.com/de/photo/1209019
Don’t reinvent the wheel There is a reason for spezialisation
Solve common problems with spezialized teams 19 https://pxhere.com/de/photo/1235822
Make artifacts and the whole delivery process verifiable Preserve integrity
of your binaries Use Docker Notary, Grafeas, in-toto, … 20 https://pxhere.com/de/photo/910704
Policy trumps checklists Build your policy into your runtime platform
Beware of cultural and political implications 21 https://pxhere.com/de/photo/1455413
22 Keep the ghosts away! 2 2 https://pxhere.com/de/photo/791236
23
[email protected]
23 http://www.twitter.com/NicolasByl