Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up for free
Securing your software supply chain
Nicolas Byl
April 17, 2020
Technology
0
130
Securing your software supply chain
Nicolas Byl
April 17, 2020
Tweet
Share
More Decks by Nicolas Byl
See All by Nicolas Byl
Lean Prototyping for Industrial-IoT Projects
nbyl
0
8
DevSecOps - Vom Unikum zur gut geölten Maschine
nbyl
0
17
Keeping-Up-WithUpstream.pdf
nbyl
0
56
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
58
Securing the "other" supply chain
nbyl
0
140
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
80
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
65
It's the developers, stupid!
nbyl
0
97
Das Gruselkabinett des Dr. Kube
nbyl
0
180
Other Decks in Technology
See All in Technology
サイバー攻撃を想定したクラウドネイティブセキュリティガイドラインとCNAPP及びSecurity Observabilityの未来
syoshie
1
880
やってみたLT会 Fleet Managerのススメ
yukiiiiikuma
PRO
0
370
ここが好きだよAWS管理ポリシー_devio2022/i_am_iam_lover
yukihirochiba
0
3k
DevelopersIO 2022 俺のTerraform Pipeline
takakuni
0
420
インフラのテストに VPC Reachability Analyzer は外せないという話
nulabinc
PRO
2
680
Goで実装するブランドネットワークとの接続ポイント
pongzu
2
260
AWS CLI でやってみる ~ AWS Hands-on for Beginners ECS ハンズオン ~
kentosuzuki
1
160
Djangoで組織とユーザーの権限管理をやってみよう #devio2022
seiichi1101
0
370
セキュアなTerraformの使い方 ~ 機密情報をコードに含めず環境構築するにはどうしたらいいの?
harukasakihara
8
1.3k
データをコネコネ!メール配信用データ生成の仕組み
kappezoro
0
110
AWSを始める人に向けた 7つの大切なこと / 7 tips for AWS beginners
hiranofumio
1
630
A3-1 IBM Championが本音で語る「IBM Cloud」
kolinz
0
300
Featured
See All Featured
Web development in the modern age
philhawksworth
197
9.3k
jQuery: Nuts, Bolts and Bling
dougneiner
56
6.4k
Robots, Beer and Maslow
schacon
152
7.1k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
100
5.9k
Building Better People: How to give real-time feedback that sticks.
wjessup
344
17k
Fashionably flexible responsive web design (full day workshop)
malarkey
396
62k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
226
15k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
119
28k
Six Lessons from altMBA
skipperchong
14
1.4k
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
213
11k
Bootstrapping a Software Product
garrettdimon
296
110k
What the flash - Photography Introduction
edds
62
10k
Transcript
Securing your software supply chain Anatomie einer DevSecOps Pipeline 1
Storytime 2
3 The way of the Code
The castle illusion 4
5 The way of the Code
6 The way of the Code
Code reviews 7
Signing git commits 8
9 The way of the Code
The dependency iceberg 10
Automation is king 11 • FindBugs • SonarQube • SAST/DAST
• Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation
12 The way of the Code
13 The key to the kingdom
14 Current situation deploy
15 Zero-Trust Deployment IAM deploy poll
16 Policy trumps checks IAM deploy poll
codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:
+49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant nicolas.byl@codecentric.de www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17
nbyl
syoshie
yukiiiiikuma
yukihirochiba
takakuni
nulabinc
pongzu
kentosuzuki
seiichi1101
harukasakihara
kappezoro
hiranofumio
kolinz
philhawksworth
dougneiner
schacon
dotmariusz
wjessup
malarkey
marcelosomers
eileencodes
skipperchong
jensimmons
garrettdimon
edds
