Securing the "other" supply chain

Nicolas Byl

May 15, 2019

Transcript

  1. Nicolas Byl, DevOpsDays Zürich

  2. Storytime
    https://pxhere.com/de/photo/237

  3. Checklists
    https://pxhere.com/de/photo/1455425

  4. Compliance

  6. The castle illusion
    https://pxhere.com/de/photo/852079

  8. source code binary

  9. Binary Authorization
    https://pxhere.com/de/photo/662108

  10. signature
    verify

  11. build signature
    dependency check
    static code analysis
    QA tests successful
    release manager sign-off
    https://pxhere.com/de/photo/661983

  12. Demo
    https://pxhere.com/de/photo/237

  13. Emergencies
    https://pxhere.com/de/photo/499662

  14. Logging is not enough
    Break-glass deployments should trigger an action
    Abuse must be sanctioned
    A tool for emergency situations
    https://pxhere.com/de/photo/33077

  15. Demo
    https://pxhere.com/de/photo/1140826

  16. How to introduce these concepts?
    Blockchain?
    https://pxhere.com/de/photo/237

  17. [email protected]
    http://www.twitter.com/NicolasByl