Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Securing your software supply chain

F029ec9c798e4dc447cab5e76f62fa17?s=47 Nicolas Byl
April 17, 2020
Technology
0
41

Securing your software supply chain

F029ec9c798e4dc447cab5e76f62fa17?s=128

Nicolas Byl

April 17, 2020
Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
46
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
42
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
70
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
69
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
58
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
86
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
170
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
47
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
1
43

Other Decks in Technology

See All in Technology
525442fc70ca92f82ae503f826956137?s=48 finengine
0
350
0d29d155ce5c5a93ed46363626da3ea7?s=48 ocise
0
170
744a38d972036c3bd0bcdaddafdd5f26?s=48 mathetake
2
210
8fa31051503b09846584c49cd53d2f80?s=48 asei
7
1.3k
8d5ec86449745c31872afc6efdaf2f0a?s=48 freedom_tk
1
170
1f7f0085220d6e48e5bdbf9b199b847c?s=48 mmclsntr
0
100
325ce6fcd0a74ff78990b8632817da55?s=48 yukihirochiba
0
2.6k
F3c727195d975cf7a4b300e4f5c2c0d1?s=48 am7cinnamon
3
550
847a328633b1df6b11cc2f72430025e6?s=48 ks91
PRO
1
130
2b680c5f22146e764e2998dd4595ec93?s=48 sue445
0
140
E10d51de51c08e913216385be87dc1ca?s=48 pongzu
1
270
64a4ba69d50590e592cd8e572454daa8?s=48 olegkovalov
1
340

Featured

See All Featured
78b475797a14c84799063c7cd073962f?s=48 holman
448
140k
2bb923c57a1fdc3a2eb484bb8d565fd2?s=48 ufuk
57
5.5k
7559f6cff1f5efc2d210965febd4d71c?s=48 bermonpainter
343
26k
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
166
19k
1f74b13f1e5c6c69cb5d7fbaabb1e2cb?s=48 sferik
612
55k
E76911cbe088e5b850d966de3fc7435b?s=48 robhawkes
53
2.9k
E190023b66e2b8aa73a842b106920c93?s=48 zenorocha
298
40k
Ecdea9b9714877b86cee08458f085481?s=48 trallard
16
890
78b475797a14c84799063c7cd073962f?s=48 holman
288
130k
11c84dff30266b907714802088852677?s=48 jasonvnalue
82
8.2k
C4de88ea47538e4594750e3861a341c8?s=48 brettharned
93
3.1k
5ce91fa49a613cbc3e20d5f96856473f?s=48 edds
56
9.4k

Transcript

  1. Securing your software supply chain Anatomie einer DevSecOps Pipeline 1

  2. Storytime 2

  3. 3 The way of the Code

  4. The castle illusion 4

  5. 5 The way of the Code

  6. 6 The way of the Code

  7. Code reviews 7

  8. Signing git commits 8

  9. 9 The way of the Code

  10. The dependency iceberg 10

  11. Automation is king 11 • FindBugs • SonarQube • SAST/DAST

    • Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation

  12. 12 The way of the Code

  13. 13 The key to the kingdom

  14. 14 Current situation deploy

  15. 15 Zero-Trust Deployment IAM deploy poll

  16. 16 Policy trumps checks IAM deploy poll

  17. codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:

    +49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant nicolas.byl@codecentric.de www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17