Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Securing your software supply chain
Search
Nicolas Byl
April 17, 2020
Technology
0
370
Securing your software supply chain
Nicolas Byl
April 17, 2020
Tweet
Share
More Decks by Nicolas Byl
See All by Nicolas Byl
Platform Engineering ❤️ Developer Experience
nbyl
0
13
Die Flucht aus der Prototypen-Hölle
nbyl
0
43
Lean Prototyping for Industrial-IoT Projects
nbyl
0
46
DevSecOps - Vom Unikum zur gut geölten Maschine
nbyl
0
100
Keeping-Up-WithUpstream.pdf
nbyl
0
170
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
120
Securing the "other" supply chain
nbyl
0
280
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
190
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
130
Other Decks in Technology
See All in Technology
Data & AIの未来とLakeHouse
ishikawa_satoru
0
720
CloudFormationコンソールから、 実際に作られたリソースを辿れるようになろう!
amixedcolor
1
150
【AWS reInvent 2025 関西組 事前勉強会】re:Inventの“感動と興奮”を思い出してモチベ爆上げしたいです
ttelltte
0
130
こんな時代だからこそ! 想定しておきたい アクセスキー漏洩後のムーブ
takuyay0ne
4
530
ubuntu-latest から ubuntu-slim へ移行しよう!コスト削減うれしい~!
asumikam
0
460
re:Invent完全攻略ガイド
junjikoide
1
260
Pythonで構築する全国市町村ナレッジグラフ: GraphRAGを用いた意味的地域検索への応用
negi111111
8
3.4k
嗚呼、当時の本番環境の状態で AI Agentを再評価したいなぁ...
po3rin
0
400
What's the recommended Flutter architecture
aakira
1
900
品質保証の取り組みを広げる仕組みづくり〜スキルの移譲と自律を支える実践知〜
tarappo
2
830
ソフトウェア開発現代史: 55%が変化に備えていない現実 ─ AI支援型開発時代のReboot Japan #agilejapan
takabow
1
1.6k
Spring Boot利用を前提としたJavaライブラリ開発方法の提案
kokihoshihara
PRO
2
100
Featured
See All Featured
The Pragmatic Product Professional
lauravandoore
36
7k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3.2k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
36
6.1k
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
How to Think Like a Performance Engineer
csswizardry
28
2.3k
YesSQL, Process and Tooling at Scale
rocio
174
15k
The Power of CSS Pseudo Elements
geoffreycrofte
80
6k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.3k
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
The Art of Programming - Codeland 2020
erikaheidi
56
14k
Mobile First: as difficult as doing things right
swwweet
225
10k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.6k
Transcript
Securing your software supply chain Anatomie einer DevSecOps Pipeline 1
Storytime 2
3 The way of the Code
The castle illusion 4
5 The way of the Code
6 The way of the Code
Code reviews 7
Signing git commits 8
9 The way of the Code
The dependency iceberg 10
Automation is king 11 • FindBugs • SonarQube • SAST/DAST
• Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation
12 The way of the Code
13 The key to the kingdom
14 Current situation deploy
15 Zero-Trust Deployment IAM deploy poll
16 Policy trumps checks IAM deploy poll
codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:
+49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant
[email protected]
www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17
nbyl
ishikawa_satoru
amixedcolor
ttelltte
takuyay0ne
asumikam
junjikoide
negi111111
po3rin
aakira
tarappo
takabow
kokihoshihara
lauravandoore
tammyeverts
kevinliebholz
wjessup
csswizardry
rocio
geoffreycrofte
chriscoyier
erikaheidi
swwweet
marktimemedia
