Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Securing your software supply chain
Search
Nicolas Byl
April 17, 2020
Technology
0
380
Securing your software supply chain
Nicolas Byl
April 17, 2020
Tweet
Share
More Decks by Nicolas Byl
See All by Nicolas Byl
Platform Engineering ❤️ Developer Experience
nbyl
0
29
Die Flucht aus der Prototypen-Hölle
nbyl
0
48
Lean Prototyping for Industrial-IoT Projects
nbyl
0
67
DevSecOps - Vom Unikum zur gut geölten Maschine
nbyl
0
110
Keeping-Up-WithUpstream.pdf
nbyl
0
170
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
140
Securing the "other" supply chain
nbyl
0
290
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
200
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
140
Other Decks in Technology
See All in Technology
生成AIを活用した音声文字起こしシステムの2つの構築パターンについて
miu_crescent
PRO
2
190
OCI Database Management サービス詳細
oracle4engineer
PRO
1
7.4k
Cosmos World Foundation Model Platform for Physical AI
takmin
0
870
GitHub Issue Templates + Coding Agentで簡単みんなでIaC/Easy IaC for Everyone with GitHub Issue Templates + Coding Agent
aeonpeople
1
220
こんなところでも(地味に)活躍するImage Modeさんを知ってるかい?- Image Mode for OpenShift -
tsukaman
0
130
OpenShiftでllm-dを動かそう!
jpishikawa
0
100
What happened to RubyGems and what can we learn?
mikemcquaid
0
290
15 years with Rails and DDD (AI Edition)
andrzejkrzywda
0
190
AWS Network Firewall Proxyを触ってみた
nagisa53
1
220
Codex 5.3 と Opus 4.6 にコーポレートサイトを作らせてみた / Codex 5.3 vs Opus 4.6
ama_ch
0
150
Frontier Agents (Kiro autonomous agent / AWS Security Agent / AWS DevOps Agent) の紹介
msysh
3
170
Data Hubグループ 紹介資料
sansan33
PRO
0
2.7k
Featured
See All Featured
Pawsitive SEO: Lessons from My Dog (and Many Mistakes) on Thriving as a Consultant in the Age of AI
davidcarrasco
0
64
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
25
1.7k
Build The Right Thing And Hit Your Dates
maggiecrowley
38
3k
The Organizational Zoo: Understanding Human Behavior Agility Through Metaphoric Constructive Conversations (based on the works of Arthur Shelley, Ph.D)
kimpetersen
PRO
0
240
Git: the NoSQL Database
bkeepers
PRO
432
66k
Believing is Seeing
oripsolob
1
54
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
akashhashmi
0
270
Agile that works and the tools we love
rasmusluckow
331
21k
Leading Effective Engineering Teams in the AI Era
addyosmani
9
1.6k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
52
5.8k
Sam Torres - BigQuery for SEOs
techseoconnect
PRO
0
180
Why Your Marketing Sucks and What You Can Do About It - Sophie Logan
marketingsoph
0
74
Transcript
Securing your software supply chain Anatomie einer DevSecOps Pipeline 1
Storytime 2
3 The way of the Code
The castle illusion 4
5 The way of the Code
6 The way of the Code
Code reviews 7
Signing git commits 8
9 The way of the Code
The dependency iceberg 10
Automation is king 11 • FindBugs • SonarQube • SAST/DAST
• Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation
12 The way of the Code
13 The key to the kingdom
14 Current situation deploy
15 Zero-Trust Deployment IAM deploy poll
16 Policy trumps checks IAM deploy poll
codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:
+49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant
[email protected]
www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17
nbyl
miu_crescent
oracle4engineer
takmin
aeonpeople
tsukaman
jpishikawa
mikemcquaid
andrzejkrzywda
nagisa53
ama_ch
msysh
sansan33
davidcarrasco
honnibal
maggiecrowley
kimpetersen
bkeepers
oripsolob
akashhashmi
rasmusluckow
addyosmani
reverentgeek
techseoconnect
marketingsoph
