Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Securing your software supply chain
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Nicolas Byl
April 17, 2020
Technology
0
380
Securing your software supply chain
Nicolas Byl
April 17, 2020
Tweet
Share
More Decks by Nicolas Byl
See All by Nicolas Byl
Platform Engineering ❤️ Developer Experience
nbyl
0
37
Die Flucht aus der Prototypen-Hölle
nbyl
0
51
Lean Prototyping for Industrial-IoT Projects
nbyl
0
70
DevSecOps - Vom Unikum zur gut geölten Maschine
nbyl
0
110
Keeping-Up-WithUpstream.pdf
nbyl
0
180
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
140
Securing the "other" supply chain
nbyl
0
300
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
210
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
140
Other Decks in Technology
See All in Technology
JAWS FESTA 2025でリリースしたほぼリアルタイム文字起こし/翻訳機能の構成について
naoki8408
1
610
コンテキスト・ハーネスエンジニアリングの現在
hirosatogamo
PRO
3
210
[JAWSDAYS2026]Who is responsible for IAM
mizukibbb
0
760
非情報系研究者へ送る Transformer入門
rishiyama
11
7.6k
Oracle Cloud Infrastructure IaaS 新機能アップデート 2025/12 - 2026/2
oracle4engineer
PRO
0
150
ガバメントクラウドにおけるAWSの長期継続割引について
takeda_h
2
320
わたしがセキュアにAWSを使えるわけないじゃん、ムリムリ!(※ムリじゃなかった!?)
cmusudakeisuke
1
760
ReactのdangerouslySetInnerHTMLは“dangerously”だから危険 / Security.any #09 卒業したいセキュリティLT
flatt_security
0
160
Yahoo!ショッピングのレコメンデーション・システムにおけるML実践の一例
lycorptech_jp
PRO
1
210
S3はフラットである –AWS公式SDKにも存在した、 署名付きURLにおけるパストラバーサル脆弱性– / JAWS DAYS 2026
flatt_security
0
1.8k
AWS DevOps Agent vs SRE俺 / AWS DevOps Agent vs me, the SRE
sms_tech
3
880
Claude Code 2026年 最新アップデート
oikon48
13
10k
Featured
See All Featured
A better future with KSS
kneath
240
18k
Claude Code のすすめ
schroneko
67
220k
What does AI have to do with Human Rights?
axbom
PRO
1
2k
BBQ
matthewcrist
89
10k
Visualization
eitanlees
150
17k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
17k
WENDY [Excerpt]
tessaabrams
9
36k
Breaking role norms: Why Content Design is so much more than writing copy - Taylor Woolridge
uxyall
0
210
The innovator’s Mindset - Leading Through an Era of Exponential Change - McGill University 2025
jdejongh
PRO
1
130
Exploring the relationship between traditional SERPs and Gen AI search
raygrieselhuber
PRO
2
3.7k
30 Presentation Tips
portentint
PRO
1
250
Visual Storytelling: How to be a Superhuman Communicator
reverentgeek
2
470
Transcript
Securing your software supply chain Anatomie einer DevSecOps Pipeline 1
Storytime 2
3 The way of the Code
The castle illusion 4
5 The way of the Code
6 The way of the Code
Code reviews 7
Signing git commits 8
9 The way of the Code
The dependency iceberg 10
Automation is king 11 • FindBugs • SonarQube • SAST/DAST
• Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation
12 The way of the Code
13 The key to the kingdom
14 Current situation deploy
15 Zero-Trust Deployment IAM deploy poll
16 Policy trumps checks IAM deploy poll
codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:
+49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant
[email protected]
www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17
nbyl
naoki8408
hirosatogamo
mizukibbb
rishiyama
oracle4engineer
takeda_h
cmusudakeisuke
flatt_security
lycorptech_jp
sms_tech
oikon48
kneath
schroneko
axbom
matthewcrist
eitanlees
afnizarnur
tessaabrams
uxyall
jdejongh
raygrieselhuber
portentint
reverentgeek
