Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Securing your software supply chain
Search
Nicolas Byl
April 17, 2020
Technology
0
360
Securing your software supply chain
Nicolas Byl
April 17, 2020
Tweet
Share
More Decks by Nicolas Byl
See All by Nicolas Byl
Die Flucht aus der Prototypen-Hölle
nbyl
0
41
Lean Prototyping for Industrial-IoT Projects
nbyl
0
38
DevSecOps - Vom Unikum zur gut geölten Maschine
nbyl
0
92
Keeping-Up-WithUpstream.pdf
nbyl
0
150
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
110
Securing the "other" supply chain
nbyl
0
250
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
170
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
120
It's the developers, stupid!
nbyl
0
180
Other Decks in Technology
See All in Technology
AI工学特論: MLOps・継続的評価
asei
10
2k
ML Pipelineの開発と運用を OpenTelemetryで繋ぐ @ OpenTelemetry Meetup 2025-07
getty708
0
320
MCPに潜むセキュリティリスクを考えてみる
milix_m
1
870
ecspressoの設計思想に至る道 / sekkeinight2025
fujiwara3
12
2.1k
データエンジニアがクラシルでやりたいことの現在地
gappy50
3
660
Railsの限界を超えろ!「家族アルバム みてね」の画像・動画の大規模アップロードを支えるアーキテクチャの変遷
ojima_h
4
520
From Live Coding to Vibe Coding with Firebase Studio
firebasethailand
1
310
機械学習を「社会実装」するということ 2025年夏版 / Social Implementation of Machine Learning July 2025 Version
moepy_stats
1
1.4k
RapidPen: AIエージェントによる高度なペネトレーションテスト自動化の研究開発
laysakura
1
410
モバイルゲームの開発を支える基盤の歩み ~再現性のある開発ラインを量産する秘訣~
qualiarts
0
610
スプリントレビューを効果的にするために
miholovesq
9
1.7k
隙間時間で爆速開発! Claude Code × Vibe Coding で作るマニュアル自動生成サービス
akitomonam
2
200
Featured
See All Featured
Building Adaptive Systems
keathley
43
2.7k
4 Signs Your Business is Dying
shpigford
184
22k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
45
7.5k
A Tale of Four Properties
chriscoyier
160
23k
The Power of CSS Pseudo Elements
geoffreycrofte
77
5.9k
Typedesign – Prime Four
hannesfritz
42
2.7k
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3.3k
A better future with KSS
kneath
238
17k
Making the Leap to Tech Lead
cromwellryan
134
9.4k
Embracing the Ebb and Flow
colly
86
4.8k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Transcript
Securing your software supply chain Anatomie einer DevSecOps Pipeline 1
Storytime 2
3 The way of the Code
The castle illusion 4
5 The way of the Code
6 The way of the Code
Code reviews 7
Signing git commits 8
9 The way of the Code
The dependency iceberg 10
Automation is king 11 • FindBugs • SonarQube • SAST/DAST
• Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation
12 The way of the Code
13 The key to the kingdom
14 Current situation deploy
15 Zero-Trust Deployment IAM deploy poll
16 Policy trumps checks IAM deploy poll
codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:
+49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant
[email protected]
www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17