Keeping-Up-WithUpstream.pdf
Nicolas Byl
September 06, 2019
Technology
Transcript
1 Nicolas Byl
2 This talk may contain fictional elements… https://pxhere.com/de/photo/738184
3 Part 1 Marley’s Ghost https://pxhere.com/de/photo/237
4 A few days ago, in our café… https://pxhere.com/de/photo/39
5 Part 2 The ghost of DevSecOps past https://pxhere.com/de/photo/237
6 At the backlog grooming… https://pxhere.com/de/photo/1434201
7 https://pxhere.com/de/photo/1033572
- “Our development environment is a production environment”
- Management and ownership needed for Build Server, Source Control, …
- Is there a pre-Dev environment?
8 https://pxhere.com/de/photo/893775
- Gathering metrics to support DevSecOps feedback loops
- Understand and customize metrics
- Action is required
9 Part 2 The ghost of DevSecOps present https://pxhere.com/de/photo/237
10 In the middle of the night… https://pxhere.com/de/photo/1391800
11 https://pxhere.com/de/photo/6643025
- Source Code Analysis: FindBugs, SonarQube, SAST, DAST
- Dependency Analysis: Maven, NPM, Python, Perl, …
- Operating Systems: DEB, RPM, …
- Docker Images: Anchore, clair, Aqua, snyk
12 https://pxhere.com/de/photo/893775
- Source Code Analysis: FindBugs, SonarQube, SAST, DAST
- Dependency Analysis: Maven, NPM, Python, Perl, …
- Operating Systems: DEB, RPM, …
- Docker Images: Anchore, clair, Aqua, snyk
13 https://pxhere.com/de/photo/1565823
- How do you notify independent teams of needed actions?
- Separate signals from noise
- Consolidate update sources (GitHub / GitLab, Docker Hub, binary repositories, mailing lists, …)
- Internal vs. external dependencies
14 Prepare for failure… https://pxhere.com/de/photo/1073983
15 https://pxhere.com/de/photo/137541
- GitOps as single source of truth (source code, delivery code, infrastructure code)
- Consider dynamic environments, record data for later analysis
- What was running at time X?
- Consider version pinning (library versions, Docker Image SHA sum)
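
An added example (not part of the original deck) of the version-pinning point on slide 15: a small check that could run against files in a GitOps repository and flag image references without a SHA-256 digest and requirement lines without an exact version. The sample Dockerfile, manifest, requirements list, the `registry.example.com` host and the digest are constructed for illustration, and treating `==` as the pin for "library versions" is an assumption.

```python
import re

# Constructed digest for the sample inputs below (not a real image).
DIGEST = "sha256:" + "ab" * 32

DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")  # reference ends in a content digest
FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?", re.I)
IMAGE_RE = re.compile(r"^\s*-?\s*image:\s*[\"']?([^\"'\s#]+)")  # Kubernetes / Compose
REQ_PIN_RE = re.compile(r"^[A-Za-z0-9._\[\]-]+==[^\s;]+")  # name==exact.version


def unpinned_images(text):
    """Return (line_no, ref) for image references not pinned by digest."""
    findings, stages = [], {"scratch"}
    for no, line in enumerate(text.splitlines(), 1):
        frm = FROM_RE.match(line)
        img = None if frm else IMAGE_RE.match(line)
        if not (frm or img):
            continue
        ref = (frm or img).group(1)
        # "FROM build" may name an earlier build stage, not a registry image.
        is_stage = bool(frm) and ref.lower() in stages
        if frm and frm.group(2):
            stages.add(frm.group(2).lower())
        if not is_stage and not DIGEST_RE.search(ref):
            findings.append((no, ref))
    return findings


def unpinned_requirements(text):
    """Return (line_no, line) for requirement lines without an exact '==' pin."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "-")):
            continue  # blank line, comment, or pip option such as "-r base.txt"
        if not REQ_PIN_RE.match(line):
            findings.append((no, line))
    return findings


# Constructed sample inputs.
DOCKERFILE = f"FROM golang:1.22 AS build\nFROM alpine@{DIGEST}\nFROM build AS test\n"
MANIFEST = ("containers:\n- name: web\n  image: registry.example.com/web:latest\n"
            f"- name: proxy\n  image: \"registry.example.com/proxy@{DIGEST}\"\n")
REQUIREMENTS = "requests==2.31.0\nflask>=2.0\n-r base.txt\nurllib3\n"

if __name__ == "__main__":
    print("Dockerfile:", unpinned_images(DOCKERFILE))
    print("Manifest:", unpinned_images(MANIFEST))
    print("Requirements:", unpinned_requirements(REQUIREMENTS))
```

A tag such as `:latest` can point at different content over time, so only the digest form lets the repository history answer "what was running at time X?".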
16 Part 3 The ghost of DevSecOps future https://pxhere.com/de/photo/237
17 At dawn… https://pxhere.com/de/photo/39
18 https://pxhere.com/de/photo/1209019
- Avoid Tree-Ring-Projects
- Don’t notify about updates, provide them
- Keep an eye on the current security statistics
19 https://pxhere.com/de/photo/1235822
- Don’t reinvent the wheel
- There is a reason for specialisation
- Solve common problems with specialized teams
20 https://pxhere.com/de/photo/910704
- Make artifacts and the whole delivery process verifiable
- Preserve integrity of your binaries
- Use Docker Notary, Grafeas, in-toto, …
21 https://pxhere.com/de/photo/1455413
- Policy trumps checklists
- Build your policy into your runtime platform
- Beware of cultural and political implications
22 Keep the ghosts away! https://pxhere.com/de/photo/791236
23 [email protected] http://www.twitter.com/NicolasByl