Pro Yearly is on sale from $80 to $50! »

Securing your software supply chain

F029ec9c798e4dc447cab5e76f62fa17?s=47 Nicolas Byl
April 17, 2020
Technology
0
35

Securing your software supply chain

F029ec9c798e4dc447cab5e76f62fa17?s=128

Nicolas Byl

April 17, 2020
Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
40
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
39
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
52
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
66
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
54
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
84
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
150
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
41
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
1
43

Other Decks in Technology

See All in Technology
64a4ba69d50590e592cd8e572454daa8?s=48 olegkovalov
0
220
Eebedc2ee7ff95ffb9d9102c6d4a065c?s=48 line_devday2020
0
150
Eebedc2ee7ff95ffb9d9102c6d4a065c?s=48 line_devday2020
0
130
Fe06c08a0de4da36003bfeb7b749cbf8?s=48 ryotaumebayashi
1
200
C9ab1175a6981a2f67ce8d08aa17c15a?s=48 mpilquist
0
210
Eebedc2ee7ff95ffb9d9102c6d4a065c?s=48 line_devday2020
0
110
Eebedc2ee7ff95ffb9d9102c6d4a065c?s=48 line_devday2020
0
250
Eebedc2ee7ff95ffb9d9102c6d4a065c?s=48 line_devday2020
0
140
4b2f3a64637b51e81813accbe8a98083?s=48 miura55
0
110
Eebedc2ee7ff95ffb9d9102c6d4a065c?s=48 line_devday2020
0
170
D0f5daa7cc3a26140c06ea29e5e235cc?s=48 noriyukitakei
0
190
Eebedc2ee7ff95ffb9d9102c6d4a065c?s=48 line_devday2020
0
460

Featured

See All Featured
B3d6434763caa0ef5dc4b792662c49f7?s=48 smashingmag
228
17k
Eb8975af8e49e19e3dd6b6b84a542e26?s=48 qrush
284
18k
C157b16234f1e75e8eac3698c1d4414a?s=48 ddemaree
274
31k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
190
17k
0c6fd6a08d0f898159cda7cafcacf07f?s=48 afnizarnur
176
14k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
777
240k
Fe6b81005d1553accd6b2a28f6a2bef1?s=48 phodgson
86
3.9k
4262b9cfacfb6b2c77f23e1d0310cd3e?s=48 myddelton
107
11k
5f2da528927a2ec9ba4fec2069cbc958?s=48 kneath
295
39k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
192
8.4k
D8fc2580cfaca035f666d9e4ee79a7f7?s=48 mongodb
23
3.7k
D83926c323d4f9289f947b4b4e76b939?s=48 jensimmons
205
10k

Transcript

  1. Securing your software supply chain Anatomie einer DevSecOps Pipeline 1

  2. Storytime 2

  3. 3 The way of the Code

  4. The castle illusion 4

  5. 5 The way of the Code

  6. 6 The way of the Code

  7. Code reviews 7

  8. Signing git commits 8

  9. 9 The way of the Code

  10. The dependency iceberg 10

  11. Automation is king 11 • FindBugs • SonarQube • SAST/DAST

    • Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation

  12. 12 The way of the Code

  13. 13 The key to the kingdom

  14. 14 Current situation deploy

  15. 15 Zero-Trust Deployment IAM deploy poll

  16. 16 Policy trumps checks IAM deploy poll

  17. codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:

    +49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant nicolas.byl@codecentric.de www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17