Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Securing your software supply chain

Nicolas Byl
April 17, 2020
Technology
0
180

Securing your software supply chain

Nicolas Byl

April 17, 2020
Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl
Lean Prototyping for Industrial-IoT Projects
nbyl
0
13
DevSecOps - Vom Unikum zur gut geölten Maschine
nbyl
0
31
Keeping-Up-WithUpstream.pdf
nbyl
0
60
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
63
Securing the "other" supply chain
nbyl
0
180
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
84
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
66
It's the developers, stupid!
nbyl
0
100
Das Gruselkabinett des Dr. Kube
nbyl
0
190

Other Decks in Technology

See All in Technology
ChatGPTにR言語を教えてもらう(仮)
doradora09
1
180
PHP で学ぶ Cache の距離の話 / study_cache_with_php
hanhan1978
3
420
エラーログをAlertで引っ掛けるときにEventTimer使ってみた話
sparty
0
160
[CI/CD2023]OSSで構築するOpenAPI開発のCI/CD
xibuka
2
230
量子コンピュータ時代のプログラミングセミナー / 20230316_Amplify_seminar _route_planning_optimization
fixstars
0
170
開幕LT
makamaka
0
360
ワイヤレス電力伝送について
sbtechnight
PRO
0
430
私と Nature Remo E / Nature Remo E
orgachem
0
170
エンジニアのためのドキュメントライティング / Docs for Developers
iwashi86
22
6.8k
Wrangler って何だ?-ちょっとよく分からないのでCloudflareのCLIツールを深掘りしてみる-
kentosuzuki
0
220
権威DNSサービスへのDDoSと
ハイパフォーマンスなベンチマーカ / DNS Pseudo random subdomain attack and High performance Benchmarker
kazeburo
3
900
人生がときめく自宅ネットワークの魔法
tatematsu_san
1
300

Featured

See All Featured
Building a Modern Day 
E-commerce SEO Strategy
aleyda
7
4.9k
Why You Should Never Use an ORM
jnunemaker
PRO
49
8k
What the flash - Photography Introduction
edds
64
10k
Designing the Hi-DPI Web
ddemaree
273
33k
Designing Experiences People Love
moore
130
22k
Infographics Made Easy
chrislema
236
17k
Producing Creativity
orderedlist
PRO
335
38k
How STYLIGHT went responsive
nonsquared
89
4.2k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
121
29k
How to Ace a Technical Interview
jacobian
270
22k
Embracing the Ebb and Flow
colly
76
3.6k
GraphQLの誤解/rethinking-graphql
sonatard
39
8k

Transcript

  1. Securing your
    software supply
    chain
    Anatomie einer DevSecOps
    Pipeline
    1

    View Slide

  2. Storytime
    2

    View Slide

  3. 3
    The way of the Code

    View Slide

  4. The castle illusion
    4

    View Slide

  5. 5
    The way of the Code

    View Slide

  6. 6
    The way of the Code

    View Slide

  7. Code reviews
    7

    View Slide

  8. Signing git commits
    8

    View Slide

  9. 9
    The way of the Code

    View Slide

  10. The dependency
    iceberg
    10

    View Slide

  11. Automation is king
    11
    • FindBugs
    • SonarQube
    • SAST/DAST
    • Maven, NPM, ...
    • Container Images
    • Operating System
    • npm audit
    • Dependabot
    • Renovate
    Source Code Analysis Dependency Analysis Update Automation

    View Slide

  12. 12
    The way of the Code

    View Slide

  13. 13
    The key to the kingdom

    View Slide

  14. 14
    Current situation
    deploy

    View Slide

  15. 15
    Zero-Trust Deployment
    IAM deploy
    poll

    View Slide

  16. 16
    Policy trumps checks
    IAM deploy
    poll

    View Slide

  17. codecentric AG
    Kreuznacher Straße 30
    60486 Frankfurt am Main
    Telefon: +49 (0) 173.731 02 40
    Nicolas Byl
    Senior Cloud Consultant
    [email protected]
    www.codecentric.de
    Innovative - Trustful - Competent - Pragmatic
    17

    View Slide