Securing the "other" supply chain

Nicolas Byl

May 15, 2019

Transcript

  1. Nicolas Byl, DevOpsDays Zürich

  2. Storytime (image: https://pxhere.com/de/photo/237)

  3. Checklists (image: https://pxhere.com/de/photo/1455425)

  4. Compliance

  5. (no slide text)

  6. The castle illusion (image: https://pxhere.com/de/photo/852079)

  7. (no slide text)

  8. source code, binary

  9. Binary Authorization (image: https://pxhere.com/de/photo/662108)

  10. signature, verify

  11. (1) build signature, (2) dependency check, (3) static code analysis, (4) QA tests successful, (5) release manager sign-off (image: https://pxhere.com/de/photo/661983)

  12. Demo (image: https://pxhere.com/de/photo/237)

  13. Emergencies (image: https://pxhere.com/de/photo/499662)

  14. (1) Logging is not enough, (2) Break-glass deployments should trigger an action, (3) Abuse must be sanctioned, (4) A tool for emergency situations (image: https://pxhere.com/de/photo/33077)

  15. Demo (image: https://pxhere.com/de/photo/1140826)

  16. How to introduce these concepts? Blockchain? (image: https://pxhere.com/de/photo/237)

  17. nicolas.byl@codecentric.de, http://www.twitter.com/NicolasByl