Securing your software supply chain
Nicolas Byl
April 17, 2020
Transcript
1. Securing your software supply chain: Anatomy of a DevSecOps pipeline
2. Storytime
3. The way of the Code
4. The castle illusion
5. The way of the Code
6. The way of the Code
7. Code reviews
8. Signing git commits
9. The way of the Code
10. The dependency iceberg
11. Automation is king
    • Source Code Analysis: FindBugs, SonarQube, SAST/DAST
    • Dependency Analysis: Maven, NPM, ...; Container Images; Operating System
    • Update Automation: npm audit, Dependabot, Renovate
12. The way of the Code
13. The key to the kingdom
14. Current situation (diagram labels: deploy)
15. Zero-Trust Deployment (diagram labels: IAM, deploy, poll)
16. Policy trumps checks (diagram labels: IAM, deploy, poll)
17. codecentric AG, Kreuznacher Straße 30, 60486 Frankfurt am Main. Phone: +49 (0) 173.731 02 40. Nicolas Byl, Senior Cloud Consultant. [email protected], www.codecentric.de. Innovative - Trustful - Competent - Pragmatic