Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Securing your software supply chain

F029ec9c798e4dc447cab5e76f62fa17?s=47 Nicolas Byl
April 17, 2020
Technology
0
76

Securing your software supply chain

F029ec9c798e4dc447cab5e76f62fa17?s=128

Nicolas Byl

April 17, 2020
Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
50
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
48
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
94
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
73
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
64
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
89
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
170
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
54
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
1
45

Other Decks in Technology

See All in Technology
2c51cbf972b0de2e0696c8a26c7d1f4b?s=48 matsuihidetoshi
0
210
D2f212ce418f3daa29c23914c9b6892b?s=48 kenmaz
2
410
Bf7fe621f4fe1615c228ef8a79b87282?s=48 shirayanagiryuji
0
110
6500a96a5f0786d7ff0c53429d691ae6?s=48 kazuhiro4949
2
350
6a87c9bfc71c805c3f5f248b359365d3?s=48 mu2in
0
430
Cfe33d3ab95f1c4902ee70b54af9e2a5?s=48 tokyoyoshida
0
220
7634917a0679d61341cb5cf40dbc7766?s=48 yokawasa
0
350
22e056dcb79e14363e844f1e57986325?s=48 aratayokoyama
0
110
842515eaf8fbb2dfcc75197e7797dc15?s=48 sat
2
330
3009eedce0d0f7ae45987a7bd8f57b85?s=48 nkjzm
0
140
B79e8f240b4b730fb692ab93ad42a89b?s=48 darquro
2
310
C58d9fc209cfdc0b822f851911110fa6?s=48 coe
4
470

Featured

See All Featured
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
11
1.1k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
195
9k
B83d5b590577969ee79a5ad845411a7d?s=48 ammeep
660
55k
A16eb159db895e3b01d3dc95767ad595?s=48 jonyablonski
37
1.7k
C51b39fa3c79ccb99dcb8a076bc98287?s=48 brianwarren
87
5.3k
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
98
15k
Ba530e786553390f3fb271848485681c?s=48 3n
169
23k
1b8ad785acdd1ce1c99914b1c2a4e10e?s=48 sugarenia
235
950k
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
6
920
651dcfe41723207fbb0aa044a4f7c07f?s=48 dotmariusz
99
5.7k
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
167
19k
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
171
7.7k

Transcript

  1. Securing your software supply chain Anatomie einer DevSecOps Pipeline 1

  2. Storytime 2

  3. 3 The way of the Code

  4. The castle illusion 4

  5. 5 The way of the Code

  6. 6 The way of the Code

  7. Code reviews 7

  8. Signing git commits 8

  9. 9 The way of the Code

  10. The dependency iceberg 10

  11. Automation is king 11 • FindBugs • SonarQube • SAST/DAST

    • Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation

  12. 12 The way of the Code

  13. 13 The key to the kingdom

  14. 14 Current situation deploy

  15. 15 Zero-Trust Deployment IAM deploy poll

  16. 16 Policy trumps checks IAM deploy poll

  17. codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:

    +49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant nicolas.byl@codecentric.de www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17