Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Keeping-Up-WithUpstream.pdf

Nicolas Byl
September 06, 2019
Technology
0
130

 Keeping-Up-WithUpstream.pdf

Nicolas Byl

September 06, 2019
Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl
Die Flucht aus der Prototypen-Hölle
nbyl
0
35
Lean Prototyping for Industrial-IoT Projects
nbyl
0
27
DevSecOps - Vom Unikum zur gut geölten Maschine
nbyl
0
83
Securing your software supply chain
nbyl
0
330
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
100
Securing the "other" supply chain
nbyl
0
230
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
150
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
120
It's the developers, stupid!
nbyl
0
160

Other Decks in Technology

See All in Technology
現場の種を事業の芽にする - エンジニア主導のイノベーションを事業戦略に装着する方法 -
kzkmaeda
2
2.1k
抽象化をするということ - 具体と抽象の往復を身につける / Abstraction and concretization
soudai
16
3.6k
エンジニアのためのドキュメント力基礎講座〜構造化思考から始めよう〜(2025/02/15jbug広島#15発表資料)
yasuoyasuo
17
6.7k
2025-02-21 ゆるSRE勉強会 Enhancing SRE Using AI
yoshiiryo1
1
320
Classmethod AI Talks(CATs) #17 司会進行スライド(2025.02.19) / classmethod-ai-talks-aka-cats_moderator-slides_vol17_2025-02-19
shinyaa31
0
120
クラウドサービス事業者におけるOSS
tagomoris
1
690
PHPカンファレンス名古屋-テックリードの経験から学んだ設計の教訓
hayatokudou
2
260
飲食店予約台帳を支えるインタラクティブ UI 設計と実装
siropaca
7
1.8k
データの品質が低いと何が困るのか
kzykmyzw
6
1.1k
Culture Deck
optfit
0
420
Platform Engineeringは自由のめまい
nwiizo
4
2.1k
7日間でハッキングをはじめる本をはじめてみませんか?_ITエンジニア本大賞2025
nomizone
2
1.8k

Featured

See All Featured
Thoughts on Productivity
jonyablonski
69
4.5k
Reflections from 52 weeks, 52 projects
jeffersonlam
348
20k
Statistics for Hackers
jakevdp
797
220k
BBQ
matthewcrist
87
9.5k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
366
25k
[RailsConf 2023] Rails as a piece of cake
palkan
53
5.2k
Product Roadmaps are Hard
iamctodd
PRO
50
11k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
40
2k
Designing for humans not robots
tammielis
250
25k
A Modern Web Designer's Workflow
chriscoyier
693
190k
Faster Mobile Websites
deanohume
306
31k
Automating Front-end Workflow
addyosmani
1368
200k

Transcript

  1. 1 Nicolas Byl

  2. 2 This talk may contain fictional elements… 2 https://pxhere.com/de/photo/738184

  3. 3 Part 1 Marley’s Ghost 3 https://pxhere.com/de/photo/237

  4. 4 A few days ago, in our café… 4 https://pxhere.com/de/photo/39

  5. 5 Part 2 The ghost of DevSecOps past 5 https://pxhere.com/de/photo/237

  6. 6 At the backlog grooming… 6 https://pxhere.com/de/photo/1434201

  7. 7 “Our development environment is a production environment” 1 Management

    and ownership needed for Build Server, Source Control, … Is there a pre-Dev environment? 2 3 7 7 https://pxhere.com/de/photo/1033572

  8. 8 Gathering metrics to support DevSecOps feedback loops 1 Understand

    and customize metrics Action is required 2 3 8 8 https://pxhere.com/de/photo/893775

  9. 9 Part 2 The ghost of DevSecOps present 9 https://pxhere.com/de/photo/237

  10. 10 In the middle of the night… 1 0 https://pxhere.com/de/photo/1391800

  11. 11 Source Code Analysis FindBugs, SonarQube, SAST, DAST 1 Dependency

    Analysis Maven, NPM, Pythin, Perl, … Operating Systems DEB, RPM, … Docker Images Anchore, clair, Aqua, snyk 2 3 4 11 1 1 https://pxhere.com/de/photo/6643025

  12. 12 Source Code Analysis FindBugs, SonarQube, SAST, DAST 1 Dependency

    Analysis Maven, NPM, Pythin, Perl, … Operating Systems DEB, RPM, … Docker Images Anchore, clair, Aqua, snyk 2 3 4 12 1 2 https://pxhere.com/de/photo/893775

  13. 13 How do you notify independent teams of needed actions?

    1 Separate signals from noise Consolidate update sources (GitHub / GitLab, Docker Hub, binary repositories, mailing lists, …) Internal vs. external dependencies 2 3 4 13 1 3 https://pxhere.com/de/photo/1565823

  14. 14 Prepare for failure… 1 4 https://pxhere.com/de/photo/1073983

  15. 15 GitOps as single source of truth (source code, delivery

    code, infrastructure code) 1 Consider dynamic environments, record data for later analysis What was running at time X? Consider version pinning (library versions, Docker Image SHA sum) 2 3 4 15 1 5 https://pxhere.com/de/photo/137541

  16. 16 Part 3 The ghost of DevSecOps future 1 6

    https://pxhere.com/de/photo/237

  17. 17 At dawn… 1 7 https://pxhere.com/de/photo/39

  18. Avoid Tree-Ring-Projects Don’tnotify aboutupdates, provide them Keep an eye on

    the current security statistics 18 https://pxhere.com/de/photo/1209019

  19. Don’t reinvent the wheel There is a reason for spezialisation

    Solve common problems with spezialized teams 19 https://pxhere.com/de/photo/1235822

  20. Make artifacts and the whole delivery process verifiable Preserve integrity

    of your binaries Use Docker Notary, Grafeas, in-toto, … 20 https://pxhere.com/de/photo/910704

  21. Policy trumps checklists Build your policy into your runtime platform

    Beware of cultural and political implications 21 https://pxhere.com/de/photo/1455413

  22. 22 Keep the ghosts away! 2 2 https://pxhere.com/de/photo/791236

  23. 23 [email protected] 23 http://www.twitter.com/NicolasByl