Securing your software supply chain

Nicolas Byl

April 17, 2020

Transcript

  1. Securing your software supply chain: Anatomy of a DevSecOps pipeline

  2. Storytime

  3. The way of the Code

  4. The castle illusion

  5. The way of the Code

  6. The way of the Code

  7. Code reviews

  8. Signing git commits

  9. The way of the Code

  10. The dependency iceberg

  11. Automation is king
      • Source Code Analysis: FindBugs, SonarQube, SAST/DAST
      • Dependency Analysis: Maven, NPM, ..., Container Images, Operating System
      • Update Automation: npm audit, Dependabot, Renovate

  12. The way of the Code

  13. The key to the kingdom

  14. Current situation (diagram; label: deploy)

  15. Zero-Trust Deployment (diagram; labels: IAM, deploy, poll)

  16. Policy trumps checks (diagram; labels: IAM, deploy, poll)

  17. codecentric AG, Kreuznacher Straße 30, 60486 Frankfurt am Main. Phone: +49 (0) 173.731 02 40. Nicolas Byl, Senior Cloud Consultant, nicolas.byl@codecentric.de, www.codecentric.de. Innovative - Trustful - Competent - Pragmatic
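Slides 10 and 11 ("The dependency iceberg", dependency analysis) survive here only as titles. As an added example that is not from the talk and not code from npm, Dependabot or any other tool it names, the Python script below walks a constructed npm package-lock.json (lockfileVersion 2/3 "packages" map) to show how many installed packages the project never declared, and matches every resolved package, including nested duplicates, against a constructed advisory feed. The lockfile contents, the package names, the versions and the advisory entries are all invented for the demonstration.

```python
import json
from collections import deque

# Constructed package-lock.json (lockfileVersion 2/3 layout: a flat "packages" map keyed by
# install path, "" being the project itself). Every package name and version here is invented.
LOCKFILE = json.dumps({
    "name": "webapp",
    "lockfileVersion": 2,
    "packages": {
        "": {"dependencies": {"web-framework": "^4.1.0", "logger": "^2.0.0"}},
        "node_modules/web-framework": {
            "version": "4.1.2",
            "dependencies": {"body-parser-x": "^1.9.0", "cookie-x": "^0.5.0", "ansi-x": "^3.2.0"},
        },
        "node_modules/body-parser-x": {"version": "1.9.3", "dependencies": {"qs-x": "^6.5.0"}},
        "node_modules/qs-x": {"version": "6.5.1"},
        "node_modules/cookie-x": {"version": "0.5.0"},
        "node_modules/ansi-x": {"version": "3.2.0"},
        "node_modules/logger": {"version": "2.0.4", "dependencies": {"ansi-x": "^3.1.0"}},
        # npm nests a second copy when the top-level version does not satisfy a requester.
        "node_modules/logger/node_modules/ansi-x": {"version": "3.1.5"},
    },
})

# Constructed advisory feed: package name -> first fixed version. Invented for the example.
ADVISORIES = {"qs-x": "6.5.3", "ansi-x": "3.2.1", "logger": "2.0.0"}


def parse_lockfile(text):
    """Return the 'packages' map of a lockfileVersion 2/3 package-lock.json, keyed by install path."""
    data = json.loads(text)
    if data.get("lockfileVersion", 1) < 2:
        raise ValueError("lockfileVersion 1 has no 'packages' map; this example handles v2/v3 only")
    return data["packages"]


def package_name(path):
    """'node_modules/a/node_modules/b' -> 'b'."""
    return path.rsplit("node_modules/", 1)[-1]


def resolve(packages, from_path, dep):
    """Node-style resolution: the nearest node_modules/<dep> walking up from from_path."""
    base = from_path
    while True:
        candidate = f"{base}/node_modules/{dep}" if base else f"node_modules/{dep}"
        if candidate in packages:
            return candidate
        if not base:
            raise KeyError(f"{dep} required by {from_path or 'root'} is not in the lockfile")
        # Step out one nesting level; a top-level entry steps to the project root "".
        base = base.rsplit("/node_modules/", 1)[0] if "/node_modules/" in base else ""


def dependency_depths(packages):
    """BFS from the project root: depth 1 = declared directly, >1 = pulled in transitively.
    BFS visits shallower requesters first, so the recorded depth is the minimal one."""
    depths = {}
    queue = deque(("", dep, 1) for dep in packages[""].get("dependencies", {}))
    while queue:
        from_path, dep, depth = queue.popleft()
        path = resolve(packages, from_path, dep)
        if path in depths:
            continue
        depths[path] = depth
        for child in packages[path].get("dependencies", {}):
            queue.append((path, child, depth + 1))
    return depths


def iceberg(packages):
    """(declared directly, installed only transitively): the visible tip versus the rest."""
    depths = dependency_depths(packages)
    direct = sum(1 for d in depths.values() if d == 1)
    return direct, len(depths) - direct


def semver(version):
    """Numeric (major, minor, patch) tuple; any pre-release suffix is ignored for the comparison."""
    return tuple(int(part) for part in version.split("-", 1)[0].split("."))


def find_vulnerable(packages, advisories):
    """Every installed copy whose version is below the advisory's fixed-in version,
    as (name, version, depth, fixed_in), shallowest first."""
    hits = []
    for path, depth in dependency_depths(packages).items():
        name, version = package_name(path), packages[path]["version"]
        fixed_in = advisories.get(name)
        if fixed_in and semver(version) < semver(fixed_in):
            hits.append((name, version, depth, fixed_in))
    return sorted(hits, key=lambda h: (h[2], h[0], semver(h[1])))


if __name__ == "__main__":
    pkgs = parse_lockfile(LOCKFILE)
    direct, transitive = iceberg(pkgs)
    print(f"declared directly: {direct}, installed transitively: {transitive}")
    for name, version, depth, fixed_in in find_vulnerable(pkgs, ADVISORIES):
        print(f"{name}@{version} at depth {depth} is affected; fixed in {fixed_in}")
```

Two things the numbers alone do not show: the advisory hits are all at depth 2 or 3, i.e. in packages the project never asked for, and `ansi-x` is installed twice at different versions, so a scanner that keys on package name alone and stops at the first match would report one affected copy and miss the other.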