Securing your software supply chain
Nicolas Byl
April 17, 2020
Transcript
1. Securing your software supply chain: Anatomy of a DevSecOps Pipeline
2. Storytime
3. The way of the Code
4. The castle illusion
5. The way of the Code
6. The way of the Code
7. Code reviews
8. Signing git commits
9. The way of the Code
10. The dependency iceberg
11. Automation is king
• Source Code Analysis: FindBugs, SonarQube, SAST/DAST
• Dependency Analysis: Maven, NPM, ..., Container Images, Operating System
• Update Automation: npm audit, Dependabot, Renovate
12. The way of the Code
13. The key to the kingdom
14. Current situation (diagram: deploy)
15. Zero-Trust Deployment (diagram: IAM, deploy, poll)
16. Policy trumps checks (diagram: IAM, deploy, poll)
17. codecentric AG, Kreuznacher Straße 30, 60486 Frankfurt am Main. Phone: +49 (0) 173.731 02 40. Nicolas Byl, Senior Cloud Consultant. www.codecentric.de. Innovative - Trustful - Competent - Pragmatic