Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Securing your software supply chain

Nicolas Byl
April 17, 2020
Technology
0
310

Securing your software supply chain

Nicolas Byl

April 17, 2020
Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl
Die Flucht aus der Prototypen-Hölle
nbyl
0
29
Lean Prototyping for Industrial-IoT Projects
nbyl
0
21
DevSecOps - Vom Unikum zur gut geölten Maschine
nbyl
0
81
Keeping-Up-WithUpstream.pdf
nbyl
0
110
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
94
Securing the "other" supply chain
nbyl
0
210
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
140
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
110
It's the developers, stupid!
nbyl
0
140

Other Decks in Technology

See All in Technology
障害対応指揮の意思決定と情報共有における価値観 / Waroom Meetup #2
arthur1
5
470
Why does continuous profiling matter to developers? #appdevelopercon
salaboy
0
180
VideoMamba: State Space Model for Efficient Video Understanding
chou500
0
190
Evangelismo técnico: ¿qué, cómo y por qué?
trishagee
0
360
隣接領域をBeyondするFinatextのエンジニア組織設計 / beyond-engineering-areas
stajima
1
270
なぜ今 AI Agent なのか _近藤憲児
kenjikondobai
4
1.3k
【Pycon mini 東海 2024】Google Colaboratoryで試すVLM
kazuhitotakahashi
2
490
AIチャットボット開発への生成AI活用
ryomrt
0
170
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
120
Terraform CI/CD パイプラインにおける AWS CodeCommit の代替手段
hiyanger
1
240
Making your applications cross-environment - OSCG 2024 NA
salaboy
0
180
スクラム成熟度セルフチェックツールを作って得た学びとその活用法
coincheck_recruit
1
140

Featured

See All Featured
A Philosophy of Restraint
colly
203
16k
Typedesign – Prime Four
hannesfritz
40
2.4k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
329
21k
Optimising Largest Contentful Paint
csswizardry
33
2.9k
Gamification - CAS2011
davidbonilla
80
5k
How to Think Like a Performance Engineer
csswizardry
20
1.1k
Agile that works and the tools we love
rasmusluckow
327
21k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
It's Worth the Effort
3n
183
27k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k
Designing Experiences People Love
moore
138
23k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
720

Transcript

  1. Securing your software supply chain Anatomie einer DevSecOps Pipeline 1

  2. Storytime 2

  3. 3 The way of the Code

  4. The castle illusion 4

  5. 5 The way of the Code

  6. 6 The way of the Code

  7. Code reviews 7

  8. Signing git commits 8

  9. 9 The way of the Code

  10. The dependency iceberg 10

  11. Automation is king 11 • FindBugs • SonarQube • SAST/DAST

    • Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation

  12. 12 The way of the Code

  13. 13 The key to the kingdom

  14. 14 Current situation deploy

  15. 15 Zero-Trust Deployment IAM deploy poll

  16. 16 Policy trumps checks IAM deploy poll

  17. codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:

    +49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant [email protected] www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17