Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Securing your software supply chain

Avatar for Nicolas Byl Nicolas Byl
April 17, 2020
Technology
0
360

Securing your software supply chain

Avatar for Nicolas Byl

Nicolas Byl

April 17, 2020
Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl
Die Flucht aus der Prototypen-Hölle
Avatar for Nicolas Byl nbyl
0
42
Lean Prototyping for Industrial-IoT Projects
Avatar for Nicolas Byl nbyl
0
38
DevSecOps - Vom Unikum zur gut geölten Maschine
Avatar for Nicolas Byl nbyl
0
94
Keeping-Up-WithUpstream.pdf
Avatar for Nicolas Byl nbyl
0
160
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
Avatar for Nicolas Byl nbyl
0
120
Securing the "other" supply chain
Avatar for Nicolas Byl nbyl
0
260
Kubernetes - Auf die Cluster, Fertig, Los!
Avatar for Nicolas Byl nbyl
0
180
Helm - Kubernetes Deployments richtig gemacht
Avatar for Nicolas Byl nbyl
0
120
It's the developers, stupid!
Avatar for Nicolas Byl nbyl
0
190

Other Decks in Technology

See All in Technology
つくって納得、つかって実感! 大規模言語モデルことはじめ
Avatar for Recruit recruitengineers
PRO
18
3.8k
サイボウズフロントエンドの横断活動から考える AI時代にできること
Avatar for mugi / Hajime Mugishima mugi_uno
4
1.4k
.NET開発者のためのAzureの概要
Avatar for tomokusaba tomokusaba
0
230
VPC Latticeのサービスエンドポイント機能を使用した複数VPCアクセス
Avatar for k-kun duelist2020jp
0
180
アジャイルテストで高品質のスプリントレビューを
Avatar for Shigeki Shoji takesection
0
110
JOAI発表資料 @ 関東kaggler会
Avatar for 日本人工知能オリンピック joai_committee
1
240
Go で言うところのアレは TypeScript で言うとコレ / Kyoto.なんか #7
Avatar for Susisu susisu
2
760
Preferred Networks (PFN) とLLM Post-Training チームの紹介 / 第4回 関東Kaggler会 スポンサーセッション
Avatar for Preferred Networks pfn
PRO
1
170
自社製CMSからmicroCMSへのリプレースがプロダクトグロースを加速させた話
Avatar for nextbeat-engineer nextbeatdev
0
110
KiroでGameDay開催してみよう(準備編)
Avatar for Yuuuuuuu yuuuuuuu168
1
120
あとはAIに任せて人間は自由に生きる
Avatar for Kentaro Kuribayashi kentaro
3
1.1k
TypeScript入門
Avatar for Recruit recruitengineers
PRO
3
180

Featured

See All Featured
Fireside Chat
Avatar for paigeccino paigeccino
39
3.6k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
36
2.5k
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
53
8.8k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
283
13k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
183
54k
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
338
57k
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
302
21k
The Power of CSS Pseudo Elements
Avatar for Geoffrey Crofte geoffreycrofte
77
5.9k
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
32
1.4k
Dealing with People You Can't Stand - Big Design 2015
Avatar for Cassini Nazir cassininazir
367
26k
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
59
9.5k

Transcript

  1. Securing your software supply chain Anatomie einer DevSecOps Pipeline 1

  2. Storytime 2

  3. 3 The way of the Code

  4. The castle illusion 4

  5. 5 The way of the Code

  6. 6 The way of the Code

  7. Code reviews 7

  8. Signing git commits 8

  9. 9 The way of the Code

  10. The dependency iceberg 10

  11. Automation is king 11 • FindBugs • SonarQube • SAST/DAST

    • Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation

  12. 12 The way of the Code

  13. 13 The key to the kingdom

  14. 14 Current situation deploy

  15. 15 Zero-Trust Deployment IAM deploy poll

  16. 16 Policy trumps checks IAM deploy poll

  17. codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:

    +49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant [email protected] www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17