Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Keeping-Up-WithUpstream.pdf
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Nicolas Byl
September 06, 2019
Technology
0
170
Keeping-Up-WithUpstream.pdf
Nicolas Byl
September 06, 2019
Tweet
Share
More Decks by Nicolas Byl
See All by Nicolas Byl
Platform Engineering ❤️ Developer Experience
nbyl
0
29
Die Flucht aus der Prototypen-Hölle
nbyl
0
48
Lean Prototyping for Industrial-IoT Projects
nbyl
0
67
DevSecOps - Vom Unikum zur gut geölten Maschine
nbyl
0
110
Securing your software supply chain
nbyl
0
380
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
140
Securing the "other" supply chain
nbyl
0
290
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
200
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
140
Other Decks in Technology
See All in Technology
AIエージェントを開発しよう!-AgentCore活用の勘所-
yukiogawa
0
160
SREのプラクティスを用いた3領域同時 マネジメントへの挑戦 〜SRE・情シス・セキュリティを統合した チーム運営術〜
coconala_engineer
2
640
OWASP Top 10:2025 リリースと 少しの日本語化にまつわる裏話
okdt
PRO
3
720
20260208_第66回 コンピュータビジョン勉強会
keiichiito1978
0
130
学生・新卒・ジュニアから目指すSRE
hiroyaonoe
2
600
10Xにおける品質保証活動の全体像と改善 #no_more_wait_for_test
nihonbuson
PRO
2
240
M&A 後の統合をどう進めるか ─ ナレッジワーク × Poetics が実践した組織とシステムの融合
kworkdev
PRO
1
430
ClickHouseはどのように大規模データを活用したAIエージェントを全社展開しているのか
mikimatsumoto
0
230
GitLab Duo Agent Platform × AGENTS.md で実現するSpec-Driven Development / GitLab Duo Agent Platform × AGENTS.md
n11sh1
0
130
Codex 5.3 と Opus 4.6 にコーポレートサイトを作らせてみた / Codex 5.3 vs Opus 4.6
ama_ch
0
150
Data Hubグループ 紹介資料
sansan33
PRO
0
2.7k
Bedrock PolicyでAmazon Bedrock Guardrails利用を強制してみた
yuu551
0
220
Featured
See All Featured
More Than Pixels: Becoming A User Experience Designer
marktimemedia
3
320
A Modern Web Designer's Workflow
chriscoyier
698
190k
Discover your Explorer Soul
emna__ayadi
2
1.1k
A designer walks into a library…
pauljervisheath
210
24k
Six Lessons from altMBA
skipperchong
29
4.1k
Into the Great Unknown - MozCon
thekraken
40
2.3k
The Power of CSS Pseudo Elements
geoffreycrofte
80
6.2k
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
Color Theory Basics | Prateek | Gurzu
gurzu
0
200
Documentation Writing (for coders)
carmenintech
77
5.3k
Navigating Algorithm Shifts & AI Overviews - #SMXNext
aleyda
0
1.1k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
249
1.3M
Transcript
1 Nicolas Byl
2 This talk may contain fictional elements… 2 https://pxhere.com/de/photo/738184
3 Part 1 Marley’s Ghost 3 https://pxhere.com/de/photo/237
4 A few days ago, in our café… 4 https://pxhere.com/de/photo/39
5 Part 2 The ghost of DevSecOps past 5 https://pxhere.com/de/photo/237
6 At the backlog grooming… 6 https://pxhere.com/de/photo/1434201
7 “Our development environment is a production environment” 1 Management
and ownership needed for Build Server, Source Control, … Is there a pre-Dev environment? 2 3 7 7 https://pxhere.com/de/photo/1033572
8 Gathering metrics to support DevSecOps feedback loops 1 Understand
and customize metrics Action is required 2 3 8 8 https://pxhere.com/de/photo/893775
9 Part 2 The ghost of DevSecOps present 9 https://pxhere.com/de/photo/237
10 In the middle of the night… 1 0 https://pxhere.com/de/photo/1391800
11 Source Code Analysis FindBugs, SonarQube, SAST, DAST 1 Dependency
Analysis Maven, NPM, Pythin, Perl, … Operating Systems DEB, RPM, … Docker Images Anchore, clair, Aqua, snyk 2 3 4 11 1 1 https://pxhere.com/de/photo/6643025
12 Source Code Analysis FindBugs, SonarQube, SAST, DAST 1 Dependency
Analysis Maven, NPM, Pythin, Perl, … Operating Systems DEB, RPM, … Docker Images Anchore, clair, Aqua, snyk 2 3 4 12 1 2 https://pxhere.com/de/photo/893775
13 How do you notify independent teams of needed actions?
1 Separate signals from noise Consolidate update sources (GitHub / GitLab, Docker Hub, binary repositories, mailing lists, …) Internal vs. external dependencies 2 3 4 13 1 3 https://pxhere.com/de/photo/1565823
14 Prepare for failure… 1 4 https://pxhere.com/de/photo/1073983
15 GitOps as single source of truth (source code, delivery
code, infrastructure code) 1 Consider dynamic environments, record data for later analysis What was running at time X? Consider version pinning (library versions, Docker Image SHA sum) 2 3 4 15 1 5 https://pxhere.com/de/photo/137541
16 Part 3 The ghost of DevSecOps future 1 6
https://pxhere.com/de/photo/237
17 At dawn… 1 7 https://pxhere.com/de/photo/39
Avoid Tree-Ring-Projects Don’tnotify aboutupdates, provide them Keep an eye on
the current security statistics 18 https://pxhere.com/de/photo/1209019
Don’t reinvent the wheel There is a reason for spezialisation
Solve common problems with spezialized teams 19 https://pxhere.com/de/photo/1235822
Make artifacts and the whole delivery process verifiable Preserve integrity
of your binaries Use Docker Notary, Grafeas, in-toto, … 20 https://pxhere.com/de/photo/910704
Policy trumps checklists Build your policy into your runtime platform
Beware of cultural and political implications 21 https://pxhere.com/de/photo/1455413
22 Keep the ghosts away! 2 2 https://pxhere.com/de/photo/791236
23
[email protected]
23 http://www.twitter.com/NicolasByl
SiteGround - Reliable hosting with speed, security, and support you can count on.
nbyl
yukiogawa
coconala_engineer
okdt
keiichiito1978
hiroyaonoe
nihonbuson
kworkdev
mikimatsumoto
n11sh1
ama_ch
sansan33
yuu551
marktimemedia
chriscoyier
emna__ayadi
pauljervisheath
skipperchong
thekraken
geoffreycrofte
tanoku
gurzu
carmenintech
aleyda
sugarenia
![23 [email protected] 23 http://www.twitter.com/NicolasByl](https://files.speakerdeck.com/presentations/1f5bb508801e4bcab56f5cfdee5fffec/slide_22.jpg){kind=link}