Securing your software supply chain
Nicolas Byl
April 17, 2020
Transcript
1. Securing your software supply chain: Anatomy of a DevSecOps Pipeline
2. Storytime
3. The way of the Code
4. The castle illusion
5. The way of the Code
6. The way of the Code
7. Code reviews
8. Signing git commits
9. The way of the Code
10. The dependency iceberg
11. Automation is king
    Source Code Analysis
    • FindBugs
    • SonarQube
    • SAST/DAST
    Dependency Analysis
    • Maven, NPM, ...
    • Container Images
    • Operating System
    Update Automation
    • npm audit
    • Dependabot
    • Renovate
12. The way of the Code
13. The key to the kingdom
14. Current situation (diagram label: deploy)
15. Zero-Trust Deployment (diagram labels: IAM, deploy, poll)
16. Policy trumps checks (diagram labels: IAM, deploy, poll)
17. codecentric AG, Kreuznacher Straße 30, 60486 Frankfurt am Main. Phone: +49 (0) 173.731 02 40. Nicolas Byl, Senior Cloud Consultant. www.codecentric.de. Innovative - Trustful - Competent - Pragmatic