Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Securing your software supply chain
Search
Nicolas Byl
April 17, 2020
Technology
0
330
Securing your software supply chain
Nicolas Byl
April 17, 2020
Tweet
Share
More Decks by Nicolas Byl
See All by Nicolas Byl
Die Flucht aus der Prototypen-Hölle
nbyl
0
33
Lean Prototyping for Industrial-IoT Projects
nbyl
0
26
DevSecOps - Vom Unikum zur gut geölten Maschine
nbyl
0
83
Keeping-Up-WithUpstream.pdf
nbyl
0
130
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
100
Securing the "other" supply chain
nbyl
0
230
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
150
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
120
It's the developers, stupid!
nbyl
0
160
Other Decks in Technology
See All in Technology
自動テストの世界に、この5年間で起きたこと
autifyhq
7
6.1k
リアルタイム分析データベースで実現する SQLベースのオブザーバビリティ
mikimatsumoto
0
480
現場で役立つAPIデザイン
nagix
27
8.9k
室長と気ままに学ぶマイクロソフトのビジネスアプリケーションとビジネスプロセス
ryoheig0405
0
290
まだ間に合う! エンジニアのための生成AIアプリ開発入門 on AWS
minorun365
PRO
4
560
High Performance PHP
cmuench
0
130
DeepSeek on AWS
hariby
1
210
BLEAでAWSアカウントのセキュリティレベルを向上させよう
koheiyoshikawa
0
190
日経電子版 x AIエージェントの可能性とAgentic RAGによって提案書生成を行う技術
masahiro_nishimi
1
260
データの品質が低いと何が困るのか
kzykmyzw
6
1k
プロセス改善による品質向上事例
tomasagi
0
1k
開発者が自律的に AWS Security Hub findings に 対応する仕組みと AWS re:Invent 2024 登壇体験談 / Developers autonomously report AWS Security Hub findings Corresponding mechanism and AWS re:Invent 2024 presentation experience
kaminashi
0
180
Featured
See All Featured
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
How STYLIGHT went responsive
nonsquared
98
5.3k
Designing on Purpose - Digital PM Summit 2013
jponch
117
7.1k
Automating Front-end Workflow
addyosmani
1367
200k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
9
1.3k
YesSQL, Process and Tooling at Scale
rocio
171
14k
Making Projects Easy
brettharned
116
6k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.3k
Rails Girls Zürich Keynote
gr2m
94
13k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
A Philosophy of Restraint
colly
203
16k
The Pragmatic Product Professional
lauravandoore
32
6.4k
Transcript
Securing your software supply chain Anatomie einer DevSecOps Pipeline 1
Storytime 2
3 The way of the Code
The castle illusion 4
5 The way of the Code
6 The way of the Code
Code reviews 7
Signing git commits 8
9 The way of the Code
The dependency iceberg 10
Automation is king 11 • FindBugs • SonarQube • SAST/DAST
• Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation
12 The way of the Code
13 The key to the kingdom
14 Current situation deploy
15 Zero-Trust Deployment IAM deploy poll
16 Policy trumps checks IAM deploy poll
codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:
+49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant
[email protected]
www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17