Securing your software supply chain
Nicolas Byl
April 17, 2020
Technology
Transcript
1 Securing your software supply chain: Anatomy of a DevSecOps Pipeline
2 Storytime
3 The way of the Code
4 The castle illusion
5 The way of the Code
6 The way of the Code
7 Code reviews
8 Signing git commits
9 The way of the Code
10 The dependency iceberg
11 Automation is king
Source Code Analysis
• FindBugs
• SonarQube
• SAST/DAST
Dependency Analysis
• Maven, NPM, ...
• Container Images
• Operating System
Update Automation
• npm audit
• Dependabot
• Renovate
12 The way of the Code
13 The key to the kingdom
14 Current situation (diagram label: deploy)
15 Zero-Trust Deployment (diagram labels: IAM, deploy, poll)
16 Policy trumps checks (diagram labels: IAM, deploy, poll)
17 codecentric AG, Kreuznacher Straße 30, 60486 Frankfurt am Main
Phone: +49 (0) 173.731 02 40
Nicolas Byl, Senior Cloud Consultant
nicolas.byl@codecentric.de
www.codecentric.de
Innovative - Trustful - Competent - Pragmatic