Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Securing your software supply chain
Search
Nicolas Byl
April 17, 2020
Technology
0
360
Securing your software supply chain
Nicolas Byl
April 17, 2020
Tweet
Share
More Decks by Nicolas Byl
See All by Nicolas Byl
Platform Engineering ❤️ Developer Experience
nbyl
0
2
Die Flucht aus der Prototypen-Hölle
nbyl
0
43
Lean Prototyping for Industrial-IoT Projects
nbyl
0
42
DevSecOps - Vom Unikum zur gut geölten Maschine
nbyl
0
98
Keeping-Up-WithUpstream.pdf
nbyl
0
160
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
120
Securing the "other" supply chain
nbyl
0
270
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
180
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
130
Other Decks in Technology
See All in Technology
AWS Top Engineer、浮いてませんか? / As an AWS Top Engineer, Are You Out of Place?
yuj1osm
1
110
Access-what? why and how, A11Y for All - Nordic.js 2025
gdomiciano
1
120
GA technologiesでのAI-Readyの取り組み@DataOps Night
yuto16
0
280
SwiftUIのGeometryReaderとScrollViewを基礎から応用まで学び直す:設計と活用事例
fumiyasac0921
0
150
Goに育てられ開発者向けセキュリティ事業を立ち上げた僕が今向き合う、AI × セキュリティの最前線 / Go Conference 2025
flatt_security
0
350
綺麗なデータマートをつくろう_データ整備を前向きに考える会 / Let's create clean data mart
brainpadpr
2
260
データエンジニアがこの先生きのこるには...?
10xinc
0
450
実装で解き明かす並行処理の歴史
zozotech
PRO
1
540
M5製品で作るポン置きセルラー対応カメラ
sayacom
0
160
AWSにおけるTrend Vision Oneの効果について
shimak
0
130
ZOZOのAI活用実践〜社内基盤からサービス応用まで〜
zozotech
PRO
0
200
Function calling機能をPLaMo2に実装するには / PFN LLMセミナー
pfn
PRO
0
970
Featured
See All Featured
The Language of Interfaces
destraynor
162
25k
Fantastic passwords and where to find them - at NoRuKo
philnash
52
3.4k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
229
22k
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
Testing 201, or: Great Expectations
jmmastey
45
7.7k
Reflections from 52 weeks, 52 projects
jeffersonlam
352
21k
Become a Pro
speakerdeck
PRO
29
5.5k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
9
960
Facilitating Awesome Meetings
lara
56
6.6k
Building Flexible Design Systems
yeseniaperezcruz
329
39k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
Producing Creativity
orderedlist
PRO
347
40k
Transcript
Securing your software supply chain Anatomie einer DevSecOps Pipeline 1
Storytime 2
3 The way of the Code
The castle illusion 4
5 The way of the Code
6 The way of the Code
Code reviews 7
Signing git commits 8
9 The way of the Code
The dependency iceberg 10
Automation is king 11 • FindBugs • SonarQube • SAST/DAST
• Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation
12 The way of the Code
13 The key to the kingdom
14 Current situation deploy
15 Zero-Trust Deployment IAM deploy poll
16 Policy trumps checks IAM deploy poll
codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:
+49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant
[email protected]
www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17