Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Securing your software supply chain
Search
Nicolas Byl
April 17, 2020
Technology
0
360
Securing your software supply chain
Nicolas Byl
April 17, 2020
Tweet
Share
More Decks by Nicolas Byl
See All by Nicolas Byl
Die Flucht aus der Prototypen-Hölle
nbyl
0
43
Lean Prototyping for Industrial-IoT Projects
nbyl
0
40
DevSecOps - Vom Unikum zur gut geölten Maschine
nbyl
0
97
Keeping-Up-WithUpstream.pdf
nbyl
0
160
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
120
Securing the "other" supply chain
nbyl
0
270
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
180
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
120
It's the developers, stupid!
nbyl
0
190
Other Decks in Technology
See All in Technology
自作JSエンジンに推しプロポーザルを実装したい!
sajikix
1
170
ZOZOマッチのアーキテクチャと技術構成
zozotech
PRO
3
1.5k
Autonomous Database - Dedicated 技術詳細 / adb-d_technical_detail_jp
oracle4engineer
PRO
4
10k
Rustから学ぶ 非同期処理の仕組み
skanehira
1
130
機械学習を扱うプラットフォーム開発と運用事例
lycorptech_jp
PRO
0
230
会社紹介資料 / Sansan Company Profile
sansan33
PRO
6
380k
共有と分離 - Compose Multiplatform "本番導入" の設計指針
error96num
2
410
allow_retry と Arel.sql / allow_retry and Arel.sql
euglena1215
1
160
Automating Web Accessibility Testing with AI Agents
maminami373
0
1.3k
LLMを搭載したプロダクトの品質保証の模索と学び
qa
0
1k
Firestore → Spanner 移行 を成功させた段階的移行プロセス
athug
1
470
2つのフロントエンドと状態管理
mixi_engineers
PRO
3
100
Featured
See All Featured
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
15k
How STYLIGHT went responsive
nonsquared
100
5.8k
jQuery: Nuts, Bolts and Bling
dougneiner
64
7.9k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
188
55k
The Straight Up "How To Draw Better" Workshop
denniskardys
236
140k
[RailsConf 2023] Rails as a piece of cake
palkan
57
5.8k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
VelocityConf: Rendering Performance Case Studies
addyosmani
332
24k
YesSQL, Process and Tooling at Scale
rocio
173
14k
Large-scale JavaScript Application Architecture
addyosmani
512
110k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
15
1.6k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
252
21k
Transcript
Securing your software supply chain Anatomie einer DevSecOps Pipeline 1
Storytime 2
3 The way of the Code
The castle illusion 4
5 The way of the Code
6 The way of the Code
Code reviews 7
Signing git commits 8
9 The way of the Code
The dependency iceberg 10
Automation is king 11 • FindBugs • SonarQube • SAST/DAST
• Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation
12 The way of the Code
13 The key to the kingdom
14 Current situation deploy
15 Zero-Trust Deployment IAM deploy poll
16 Policy trumps checks IAM deploy poll
codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:
+49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant
[email protected]
www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17
nbyl
sajikix
zozotech
oracle4engineer
skanehira
lycorptech_jp
sansan33
error96num
euglena1215
maminami373
qa
athug
mixi_engineers
sstephenson
nonsquared
dougneiner
soudai
denniskardys
palkan
afnizarnur
addyosmani
rocio
reverentgeek
smashingmag
