Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Securing your software supply chain
Search
Nicolas Byl
April 17, 2020
Technology
0
330
Securing your software supply chain
Nicolas Byl
April 17, 2020
Tweet
Share
More Decks by Nicolas Byl
See All by Nicolas Byl
Die Flucht aus der Prototypen-Hölle
nbyl
0
33
Lean Prototyping for Industrial-IoT Projects
nbyl
0
24
DevSecOps - Vom Unikum zur gut geölten Maschine
nbyl
0
81
Keeping-Up-WithUpstream.pdf
nbyl
0
120
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
98
Securing the "other" supply chain
nbyl
0
230
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
150
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
110
It's the developers, stupid!
nbyl
0
150
Other Decks in Technology
See All in Technology
機械学習を「社会実装」するということ 2025年版 / Social Implementation of Machine Learning 2025 Version
moepy_stats
5
1.2k
東京Ruby会議12 Ruby と Rust と私 / Tokyo RubyKaigi 12 Ruby, Rust and me
eagletmt
3
870
JuliaTokaiとJuliaLangJaの紹介 for NGK2025S
antimon2
1
120
月間60万ユーザーを抱える 個人開発サービス「Walica」の 技術スタック変遷
miyachin
1
140
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
6
54k
メンバーがオーナーシップを発揮しやすいチームづくり
ham0215
2
140
今年一年で頑張ること / What I will do my best this year
pauli
1
220
[IBM TechXchange Dojo]Watson Discoveryとwatsonx.aiでRAGを実現!座学①
siyuanzh09
0
110
.NET AspireでAzure Functionsやクラウドリソースを統合する
tsubakimoto_s
0
190
2024AWSで個人的にアツかったアップデート
nagisa53
1
110
Accessibility Inspectorを活用した アプリのアクセシビリティ向上方法
hinakko
0
180
AWSマルチアカウント統制環境のすゝめ / 20250115 Mitsutoshi Matsuo
shift_evolve
0
120
Featured
See All Featured
[RailsConf 2023] Rails as a piece of cake
palkan
53
5.1k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
365
25k
Building Better People: How to give real-time feedback that sticks.
wjessup
366
19k
Raft: Consensus for Rubyists
vanstee
137
6.7k
A better future with KSS
kneath
238
17k
Fireside Chat
paigeccino
34
3.1k
The Cost Of JavaScript in 2023
addyosmani
46
7.2k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
230
52k
Designing for humans not robots
tammielis
250
25k
Typedesign – Prime Four
hannesfritz
40
2.5k
Done Done
chrislema
182
16k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
3
360
Transcript
Securing your software supply chain Anatomie einer DevSecOps Pipeline 1
Storytime 2
3 The way of the Code
The castle illusion 4
5 The way of the Code
6 The way of the Code
Code reviews 7
Signing git commits 8
9 The way of the Code
The dependency iceberg 10
Automation is king 11 • FindBugs • SonarQube • SAST/DAST
• Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation
12 The way of the Code
13 The key to the kingdom
14 Current situation deploy
15 Zero-Trust Deployment IAM deploy poll
16 Policy trumps checks IAM deploy poll
codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:
+49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant
[email protected]
www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17