Securing your software supply chain

F029ec9c798e4dc447cab5e76f62fa17?s=47 Nicolas Byl
April 17, 2020
Technology
0
35

Securing your software supply chain

F029ec9c798e4dc447cab5e76f62fa17?s=128

Nicolas Byl

April 17, 2020
Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
40
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
38
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
47
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
64
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
52
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
83
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
150
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
40
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
1
43

Other Decks in Technology

See All in Technology
344128574661d939ea4cfe969823b774?s=48 syamauchi
0
140
467edb2e221a47426f19405f53aa51ca?s=48 nakaly
5
2.6k
1ae8fc4f63ab4770dd4545006489234c?s=48 yukinaga
2
410
Ee6254efe6c4bc4c08967c11d4939245?s=48 kotetuco
2
150
Cbc297b07593321e52c75a9ebcc0f843?s=48 jacopen
5
690
34fcd5f1deeb25b1138e9845137feb6e?s=48 kakutani
11
1.2k
Cd931bc05e7cee46b9a950a63e47ba4c?s=48 you
0
130
8dcda8b27872ba7f0288f39752697660?s=48 kenwakamatsu
0
310
C422cc033079e005fd1aa1b845b099da?s=48 meow_noisy
0
110
253ab1300a7e9526141c2f15d3cb4ae7?s=48 shinpy
0
110
652359244199b2b5108a5e09c027e0da?s=48 ykanazawa
0
130
F400611942a8b7a695f741f9a720fcf8?s=48 koooootake
9
1k

Featured

See All Featured
A16eb159db895e3b01d3dc95767ad595?s=48 jonyablonski
6
630
245cee81a9c424266e5e401d844ea881?s=48 lara
169
9.2k
245cee81a9c424266e5e401d844ea881?s=48 lara
13
2.3k
78b475797a14c84799063c7cd073962f?s=48 holman
459
270k
25c7c18223fb42a4c6ae1c8db6f50f9b?s=48 mojombo
356
62k
E6c6e133e74c3b83f04d2861deaa1c20?s=48 searls
202
35k
Dafc4723e9a1c067796c0fec6f509774?s=48 lemiorhan
621
40k
016edace78ffe826f2348d1e0c504afd?s=48 maggiecrowley
5
250
761be20b5ebd271008bcee1244fc5b52?s=48 matthewcrist
70
7k
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
165
6.8k
Ecdea9b9714877b86cee08458f085481?s=48 trallard
9
380
64827b31aef81498662e8af4bd6d5157?s=48 jonrohan
1020
360k

Transcript

  1. Securing your software supply chain Anatomie einer DevSecOps Pipeline 1

  2. Storytime 2

  3. 3 The way of the Code

  4. The castle illusion 4

  5. 5 The way of the Code

  6. 6 The way of the Code

  7. Code reviews 7

  8. Signing git commits 8

  9. 9 The way of the Code

  10. The dependency iceberg 10

  11. Automation is king 11 • FindBugs • SonarQube • SAST/DAST

    • Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation

  12. 12 The way of the Code

  13. 13 The key to the kingdom

  14. 14 Current situation deploy

  15. 15 Zero-Trust Deployment IAM deploy poll

  16. 16 Policy trumps checks IAM deploy poll

  17. codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:

    +49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant nicolas.byl@codecentric.de www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17