Keeping-Up-WithUpstream.pdf
Nicolas Byl
September 06, 2019
Technology
Transcript
1 Nicolas Byl
2 This talk may contain fictional elements… (photo: https://pxhere.com/de/photo/738184)
3 Part 1: Marley's Ghost (photo: https://pxhere.com/de/photo/237)
4 A few days ago, in our café… (photo: https://pxhere.com/de/photo/39)
5 Part 2: The ghost of DevSecOps past (photo: https://pxhere.com/de/photo/237)
6 At the backlog grooming… (photo: https://pxhere.com/de/photo/1434201)
7 "Our development environment is a production environment"
   - Management and ownership needed for Build Server, Source Control, …
   - Is there a pre-Dev environment?
   (photo: https://pxhere.com/de/photo/1033572)
8 Gathering metrics to support DevSecOps feedback loops
   - Understand and customize metrics
   - Action is required
   (photo: https://pxhere.com/de/photo/893775)
9 Part 2: The ghost of DevSecOps present (photo: https://pxhere.com/de/photo/237)
10 In the middle of the night… (photo: https://pxhere.com/de/photo/1391800)
11 Where upstream changes come from:
   - Source Code Analysis: FindBugs, SonarQube, SAST, DAST
   - Dependency Analysis: Maven, NPM, Python, Perl, …
   - Operating Systems: DEB, RPM, …
   - Docker Images: Anchore, clair, Aqua, snyk
   (photo: https://pxhere.com/de/photo/6643025)
12 (same content as slide 11; photo: https://pxhere.com/de/photo/893775)
13 How do you notify independent teams of needed actions?
   - Separate signals from noise
   - Consolidate update sources (GitHub / GitLab, Docker Hub, binary repositories, mailing lists, …)
   - Internal vs. external dependencies
   (photo: https://pxhere.com/de/photo/1565823)
14 Prepare for failure… (photo: https://pxhere.com/de/photo/1073983)
15 GitOps as single source of truth (source code, delivery code, infrastructure code)
   - Consider dynamic environments; record data for later analysis
   - What was running at time X?
   - Consider version pinning (library versions, Docker Image SHA sum)
   (photo: https://pxhere.com/de/photo/137541)
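Slide 15's advice to pin versions (library versions, Docker image SHA sums) is the kind of thing a pipeline should check mechanically, so that "what was running at time X" can be answered from the repository alone. The following is an added example, not part of the deck: a small pre-merge check that flags Dockerfile FROM lines without a sha256 digest and requirements.txt entries without an exact == pin. The Dockerfile, requirements text and the all-zero digest are constructed sample inputs.

```python
"""Added example (not from the deck): flag unpinned inputs in a Dockerfile
and a requirements.txt, as slide 15 recommends. All inputs below are
constructed for the example."""
import re

# Constructed sample Dockerfile: first base image pinned by digest (placeholder
# digest of all zeros), second one pulled by a mutable tag.
DOCKERFILE = """\
FROM python:3.11-slim@sha256:0000000000000000000000000000000000000000000000000000000000000000 AS build
RUN pip install --no-cache-dir -r requirements.txt
FROM nginx:latest
COPY --from=build /app /app
"""

# Constructed sample requirements.txt: one exact pin, one range, one bare name.
REQUIREMENTS = """\
requests==2.31.0      # exact pin: reproducible
flask>=2.0            # range: resolves differently over time
pyyaml                # no constraint at all
"""

# FROM [--platform=...] <image-ref> [AS <stage>]
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+\S+)?\s*$", re.IGNORECASE
)
# An image reference is pinned when it ends in @sha256:<64 hex chars>.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
# <name> followed optionally by an exact "== version" specifier.
REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==\s*\S+)?")


def unpinned_images(dockerfile_text):
    """Return image references from FROM lines that carry no sha256 digest."""
    findings = []
    for line in dockerfile_text.splitlines():
        m = FROM_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.lower() == "scratch":  # the empty image has nothing to pin
            continue
        if not DIGEST_RE.search(ref):
            findings.append(ref)
    return findings


def unpinned_requirements(req_text):
    """Return package names from a requirements file that are not pinned with ==."""
    findings = []
    for raw in req_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line or line.startswith("-"):  # skip blanks and pip options (-r, -e, ...)
            continue
        m = REQ_RE.match(line)
        if m and not m.group(2):
            findings.append(m.group(1))
    return findings


def check_pins(dockerfile_text, req_text):
    """Combine both checks into one report a CI step can fail on."""
    report = {
        "unpinned_images": unpinned_images(dockerfile_text),
        "unpinned_requirements": unpinned_requirements(req_text),
    }
    report["passed"] = not (report["unpinned_images"] or report["unpinned_requirements"])
    return report


if __name__ == "__main__":
    print(check_pins(DOCKERFILE, REQUIREMENTS))
```

The check deliberately treats a version range such as `flask>=2.0` as unpinned: it is a constraint, not a pin, and two builds a month apart can resolve it to different releases, which is exactly what makes "what was running at time X" hard to answer.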
16 Part 3: The ghost of DevSecOps future (photo: https://pxhere.com/de/photo/237)
17 At dawn… (photo: https://pxhere.com/de/photo/39)
18 Avoid Tree-Ring-Projects
   - Don't notify about updates, provide them
   - Keep an eye on the current security statistics
   (photo: https://pxhere.com/de/photo/1209019)
19 Don't reinvent the wheel
   - There is a reason for specialisation
   - Solve common problems with specialised teams
   (photo: https://pxhere.com/de/photo/1235822)
20 Make artifacts and the whole delivery process verifiable
   - Preserve integrity of your binaries
   - Use Docker Notary, Grafeas, in-toto, …
   (photo: https://pxhere.com/de/photo/910704)
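Slide 20 names Docker Notary, Grafeas and in-toto as tools for making artifacts verifiable. The mechanism underneath all of them is the same: the build step records a digest of every output in an authenticated manifest, and the deploy step recomputes the digests and refuses anything that does not match. The following is an added example that is not from the deck and does not use those tools' APIs; it shows the principle with SHA-256 digests and, as a stand-in for the signature those tools would apply, an HMAC over the manifest. The artifacts and the key are constructed for the example.

```python
"""Added example (not from the deck): record SHA-256 digests of build
artifacts in an authenticated manifest and verify them again before
deployment. Artifacts and key below are constructed for the example."""
import hashlib
import hmac
import json

# Constructed build outputs, as the build step would see them.
BUILD_ARTIFACTS = {
    "app.jar": b"jar bytes v1",
    "config.yaml": b"replicas: 2\n",
}
# Constructed key. A real pipeline keeps this in a KMS/HSM and would use a
# signature rather than an HMAC so that verifiers need no secret.
MANIFEST_KEY = b"example-key-not-a-real-secret"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def _canonical(digests):
    """Stable byte encoding so the MAC covers exactly what is verified."""
    return json.dumps(digests, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(artifacts, key):
    """Build step: digest every artifact and authenticate the digest table."""
    digests = {name: sha256_hex(data) for name, data in sorted(artifacts.items())}
    mac = hmac.new(key, _canonical(digests), hashlib.sha256).hexdigest()
    return {"digests": digests, "mac": mac}


def verify_manifest(manifest, artifacts, key):
    """Deploy step: check the manifest itself, then every artifact against it."""
    digests = manifest["digests"]
    expected_mac = hmac.new(key, _canonical(digests), hashlib.sha256).hexdigest()
    report = {
        # constant-time comparison, so verification time leaks nothing about the MAC
        "manifest_authentic": hmac.compare_digest(expected_mac, manifest["mac"]),
        "ok": [],
        "mismatch": [],   # present but content differs from the recorded digest
        "missing": [],    # recorded at build time, absent at deploy time
        "unexpected": [], # present at deploy time, never recorded
    }
    for name, digest in digests.items():
        if name not in artifacts:
            report["missing"].append(name)
        elif hmac.compare_digest(sha256_hex(artifacts[name]), digest):
            report["ok"].append(name)
        else:
            report["mismatch"].append(name)
    report["unexpected"] = sorted(set(artifacts) - set(digests))
    return report


def deployable(report):
    """Only an authentic manifest with every artifact matching may proceed."""
    return (
        report["manifest_authentic"]
        and not report["mismatch"]
        and not report["missing"]
        and not report["unexpected"]
    )


if __name__ == "__main__":
    manifest = build_manifest(BUILD_ARTIFACTS, MANIFEST_KEY)
    print(verify_manifest(manifest, BUILD_ARTIFACTS, MANIFEST_KEY))
```

The two failure modes worth separating are an artifact changed after the build (caught by the per-file digest) and a manifest edited to match the changed artifact (caught by the MAC over the manifest). Notary, Grafeas and in-toto differ in where they store this metadata and who signs it; the check at deploy time is the same shape.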
21 Policy trumps checklists
   - Build your policy into your runtime platform
   - Beware of cultural and political implications
   (photo: https://pxhere.com/de/photo/1455413)
22 Keep the ghosts away! (photo: https://pxhere.com/de/photo/791236)
23 [email protected]
   http://www.twitter.com/NicolasByl