Securing your software supply chain
Nicolas Byl
April 17, 2020
Transcript
1. Securing your software supply chain: Anatomy of a DevSecOps Pipeline
2. Storytime
3. The way of the Code
4. The castle illusion
5. The way of the Code
6. The way of the Code
7. Code reviews
8. Signing git commits
9. The way of the Code
10. The dependency iceberg
11. Automation is king
    Source Code Analysis
    • FindBugs
    • SonarQube
    • SAST/DAST
    Dependency Analysis
    • Maven, NPM, ...
    • Container Images
    • Operating System
    Update Automation
    • npm audit
    • Dependabot
    • Renovate
12. The way of the Code
13. The key to the kingdom
14. Current situation (diagram labels: deploy)
15. Zero-Trust Deployment (diagram labels: IAM, deploy, poll)
16. Policy trumps checks (diagram labels: IAM, deploy, poll)
17. codecentric AG, Kreuznacher Straße 30, 60486 Frankfurt am Main. Phone: +49 (0) 173.731 02 40. Nicolas Byl, Senior Cloud Consultant. www.codecentric.de. Innovative - Trustful - Competent - Pragmatic