Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Securing your software supply chain

F029ec9c798e4dc447cab5e76f62fa17?s=47 Nicolas Byl
April 17, 2020
Technology
0
37

Securing your software supply chain

F029ec9c798e4dc447cab5e76f62fa17?s=128

Nicolas Byl

April 17, 2020
Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
42
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
40
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
63
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
66
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
56
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
84
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
160
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
0
44
F029ec9c798e4dc447cab5e76f62fa17?s=48 nbyl
1
43

Other Decks in Technology

See All in Technology
93c80c388fe9d8f9df7d030549a0ff0b?s=48 chaspy
6
1.3k
08672189228a165c14ed8d896f9a4d3a?s=48 akitok_
2
780
8a84268593355816432ceaf78777d585?s=48 dena_tech
1
180
842515eaf8fbb2dfcc75197e7797dc15?s=48 sat
40
29k
2c68dc672293cc3f8a7a57d3af86f15b?s=48 koukyo1994
3
540
9e014a8c38462fcaf2c136e65837b348?s=48 free_world21
0
110
0e8fbeb3dc2da3e502483edea80be7d6?s=48 htomine
0
180
C75d933a1fe7006740250081b4c9c697?s=48 uzabasetech
2
740
2795514d0184c363832fd7591caaf3f5?s=48 armaniacs
0
270
A73ed5cefbbd84abd2c5e14a5eb4a339?s=48 ippey
2
210
97a7f7899e0df28c3636b8d44bbe6578?s=48 korodroid
0
230
5a065e7ea7c56f4b04c2271771688df3?s=48 raykataoka
9
8.7k

Featured

See All Featured
651dcfe41723207fbb0aa044a4f7c07f?s=48 dotmariusz
94
5.5k
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
437
28k
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
86
8.6k
2bb923c57a1fdc3a2eb484bb8d565fd2?s=48 ufuk
56
5.4k
A9179349dd2bdc67f377719f56d85656?s=48 garrettdimon
288
110k
5b6a2bd86ef643786a381a212e0ef2f1?s=48 geoffreycrofte
21
930
7653c7c449918ff6542880a8c284f5e7?s=48 jponch
103
5.1k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
192
8.8k
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
71
3.6k
245cee81a9c424266e5e401d844ea881?s=48 lara
15
2.7k
D36d2c1821af9249b69ff7f5ed60529b?s=48 tammielis
237
23k
44b54d2ffcb7857004071cc6795dde11?s=48 cassininazir
347
20k

Transcript

  1. Securing your software supply chain Anatomie einer DevSecOps Pipeline 1

  2. Storytime 2

  3. 3 The way of the Code

  4. The castle illusion 4

  5. 5 The way of the Code

  6. 6 The way of the Code

  7. Code reviews 7

  8. Signing git commits 8

  9. 9 The way of the Code

  10. The dependency iceberg 10

  11. Automation is king 11 • FindBugs • SonarQube • SAST/DAST

    • Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation

  12. 12 The way of the Code

  13. 13 The key to the kingdom

  14. 14 Current situation deploy

  15. 15 Zero-Trust Deployment IAM deploy poll

  16. 16 Policy trumps checks IAM deploy poll

  17. codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:

    +49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant nicolas.byl@codecentric.de www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17