Securing your software supply chain
Nicolas Byl
April 17, 2020
Transcript
1. Securing your software supply chain: Anatomy of a DevSecOps Pipeline
2. Storytime
3. The way of the Code
4. The castle illusion
5. The way of the Code
6. The way of the Code
7. Code reviews
8. Signing git commits
9. The way of the Code
10. The dependency iceberg
11. Automation is king
    • Source Code Analysis: FindBugs, SonarQube, SAST/DAST
    • Dependency Analysis: Maven, NPM, ...; Container Images; Operating System
    • Update Automation: npm audit, Dependabot, Renovate
12. The way of the Code
13. The key to the kingdom
14. Current situation (diagram label: deploy)
15. Zero-Trust Deployment (diagram labels: IAM, deploy, poll)
16. Policy trumps checks (diagram labels: IAM, deploy, poll)
17. codecentric AG, Kreuznacher Straße 30, 60486 Frankfurt am Main. Phone: +49 (0) 173.731 02 40. Nicolas Byl, Senior Cloud Consultant. www.codecentric.de. Innovative - Trustful - Competent - Pragmatic