Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Securing your software supply chain
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Nicolas Byl
April 17, 2020
Technology
0
380
Securing your software supply chain
Nicolas Byl
April 17, 2020
Tweet
Share
More Decks by Nicolas Byl
See All by Nicolas Byl
Platform Engineering ❤️ Developer Experience
nbyl
0
29
Die Flucht aus der Prototypen-Hölle
nbyl
0
48
Lean Prototyping for Industrial-IoT Projects
nbyl
0
67
DevSecOps - Vom Unikum zur gut geölten Maschine
nbyl
0
110
Keeping-Up-WithUpstream.pdf
nbyl
0
170
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
140
Securing the "other" supply chain
nbyl
0
290
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
200
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
140
Other Decks in Technology
See All in Technology
顧客との商談議事録をみんなで読んで顧客解像度を上げよう
shibayu36
0
230
モダンUIでフルサーバーレスなAIエージェントをAmplifyとCDKでサクッとデプロイしよう
minorun365
4
200
今日から始める Amazon Bedrock AgentCore
har1101
4
410
セキュリティについて学ぶ会 / 2026 01 25 Takamatsu WordPress Meetup
rocketmartue
1
300
Bill One 開発エンジニア 紹介資料
sansan33
PRO
4
17k
小さく始めるBCP ― 多プロダクト環境で始める最初の一歩
kekke_n
1
410
予期せぬコストの急増を障害のように扱う――「コスト版ポストモーテム」の導入とその後の改善
muziyoshiz
1
1.9k
Amazon Bedrock Knowledge Basesチャンキング解説!
aoinoguchi
0
140
配列に見る bash と zsh の違い
kazzpapa3
1
140
茨城の思い出を振り返る ~CDKのセキュリティを添えて~ / 20260201 Mitsutoshi Matsuo
shift_evolve
PRO
1
260
Codex 5.3 と Opus 4.6 にコーポレートサイトを作らせてみた / Codex 5.3 vs Opus 4.6
ama_ch
0
150
Data Hubグループ 紹介資料
sansan33
PRO
0
2.7k
Featured
See All Featured
Accessibility Awareness
sabderemane
0
51
Facilitating Awesome Meetings
lara
57
6.8k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
9.9k
Become a Pro
speakerdeck
PRO
31
5.8k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
Pawsitive SEO: Lessons from My Dog (and Many Mistakes) on Thriving as a Consultant in the Age of AI
davidcarrasco
0
64
Avoiding the “Bad Training, Faster” Trap in the Age of AI
tmiket
0
76
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
9
1.2k
Design of three-dimensional binary manipulators for pick-and-place task avoiding obstacles (IECON2024)
konakalab
0
350
SEO for Brand Visibility & Recognition
aleyda
0
4.2k
Leadership Guide Workshop - DevTernity 2021
reverentgeek
1
200
For a Future-Friendly Web
brad_frost
182
10k
Transcript
Securing your software supply chain Anatomie einer DevSecOps Pipeline 1
Storytime 2
3 The way of the Code
The castle illusion 4
5 The way of the Code
6 The way of the Code
Code reviews 7
Signing git commits 8
9 The way of the Code
The dependency iceberg 10
Automation is king 11 • FindBugs • SonarQube • SAST/DAST
• Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation
12 The way of the Code
13 The key to the kingdom
14 Current situation deploy
15 Zero-Trust Deployment IAM deploy poll
16 Policy trumps checks IAM deploy poll
codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:
+49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant
[email protected]
www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17
nbyl
shibayu36
minorun365
har1101
rocketmartue
sansan33
kekke_n
muziyoshiz
aoinoguchi
kazzpapa3
shift_evolve
ama_ch
sabderemane
lara
eileencodes
speakerdeck
caitiem20
davidcarrasco
tmiket
irinanazarova
konakalab
aleyda
reverentgeek
brad_frost
