Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Securing your software supply chain

F029ec9c798e4dc447cab5e76f62fa17?s=47 Nicolas Byl
April 17, 2020
Technology
0
110

Securing your software supply chain

F029ec9c798e4dc447cab5e76f62fa17?s=128

Nicolas Byl

April 17, 2020
Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
9
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
52
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
51
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
120
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
73
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
65
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
90
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
170
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
58

Other Decks in Technology

See All in Technology
012418ca05dff2e4ac6bdf3e739be4e8?s=48 minorun365
0
300
95aaab3d693889550fd2e7ae02f2f789?s=48 takaking22
1
3.3k
B3d3a2cce932eca144b8c13a63966404?s=48 alblue
1
140
317216a637255b5f667dfa4173f83ab1?s=48 watal
2
960
Ae788ab7d139931493941e42584eb456?s=48 asoviewinc
0
1.5k
Ac734fc32781678475b577944bb5a9ae?s=48 charity
1
810
79dcb04101764d7bf66f898dd446838e?s=48 tsukubachallenge
0
220
93dcbac1a838bbec898747bb92aa47cc?s=48 sadonosake
0
1.5k
36bb9dcd778d2a9621d44e92425d0907?s=48 hhiroshell
1
380
476e7a02d660b5dd640cb020ec0a9085?s=48 taka66
1
1.4k
A41b463f033e1304539253f8a663c950?s=48 moriyuya
2
440
14c35b43867f0995b8052b1a6783c721?s=48 sugitk
0
320

Featured

See All Featured
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
194
9.1k
C51b39fa3c79ccb99dcb8a076bc98287?s=48 brianwarren
88
5.4k
56c4053438af8e8b90d6f53cbb7573be?s=48 jakevdp
779
210k
E43f8dfd01057f8304f5f8fb9a294d7d?s=48 jeffersonlam
336
17k
Fde6c3a50ca518a909ef35c22c0ee0e4?s=48 destraynor
224
48k
15f2b8221f247985a27a627d2ece72f0?s=48 pauljervisheath
196
16k
Af6a12710770ad9a7cfd08c97efd40d3?s=48 pedronauck
656
120k
A415db3ac9e9668acbc1fb36eead84ac?s=48 mthomps
45
2.6k
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenhchung
44
2.2k
8ec1383b240b5ba15ffb9743fceb3c0e?s=48 philnash
23
1.3k
1f74b13f1e5c6c69cb5d7fbaabb1e2cb?s=48 sferik
612
56k
D47656e20ff5e42f125fc5ea0fd636c6?s=48 tmm1
64
10k

Transcript

  1. Securing your software supply chain Anatomie einer DevSecOps Pipeline 1

  2. Storytime 2

  3. 3 The way of the Code

  4. The castle illusion 4

  5. 5 The way of the Code

  6. 6 The way of the Code

  7. Code reviews 7

  8. Signing git commits 8

  9. 9 The way of the Code

  10. The dependency iceberg 10

  11. Automation is king 11 • FindBugs • SonarQube • SAST/DAST

    • Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation

  12. 12 The way of the Code

  13. 13 The key to the kingdom

  14. 14 Current situation deploy

  15. 15 Zero-Trust Deployment IAM deploy poll

  16. 16 Policy trumps checks IAM deploy poll

  17. codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:

    +49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant nicolas.byl@codecentric.de www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17