Securing your software supply chain
Nicolas Byl
April 17, 2020
Transcript
1. Securing your software supply chain: Anatomy of a DevSecOps Pipeline
2. Storytime
3. The way of the Code
4. The castle illusion
5. The way of the Code
6. The way of the Code
7. Code reviews
8. Signing git commits
9. The way of the Code
10. The dependency iceberg
11. Automation is king
Source Code Analysis
• FindBugs
• SonarQube
• SAST/DAST
Dependency Analysis
• Maven, NPM, ...
• Container Images
• Operating System
Update Automation
• npm audit
• Dependabot
• Renovate
12. The way of the Code
13. The key to the kingdom
14. Current situation (diagram labels: deploy)
15. Zero-Trust Deployment (diagram labels: IAM, deploy, poll)
16. Policy trumps checks (diagram labels: IAM, deploy, poll)
17. codecentric AG, Kreuznacher Straße 30, 60486 Frankfurt am Main
Phone: +49 (0) 173.731 02 40
Nicolas Byl, Senior Cloud Consultant
[email protected]
www.codecentric.de
Innovative - Trustful - Competent - Pragmatic