Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Securing your software supply chain
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Nicolas Byl
April 17, 2020
Technology
0
380
Securing your software supply chain
Nicolas Byl
April 17, 2020
Tweet
Share
More Decks by Nicolas Byl
See All by Nicolas Byl
Platform Engineering ❤️ Developer Experience
nbyl
0
29
Die Flucht aus der Prototypen-Hölle
nbyl
0
48
Lean Prototyping for Industrial-IoT Projects
nbyl
0
67
DevSecOps - Vom Unikum zur gut geölten Maschine
nbyl
0
110
Keeping-Up-WithUpstream.pdf
nbyl
0
170
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
140
Securing the "other" supply chain
nbyl
0
290
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
200
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
140
Other Decks in Technology
See All in Technology
セキュリティについて学ぶ会 / 2026 01 25 Takamatsu WordPress Meetup
rocketmartue
1
300
レガシー共有バッチ基盤への挑戦 - SREドリブンなリアーキテクチャリングの取り組み
tatsukoni
0
210
ブロックテーマ、WordPress でウェブサイトをつくるということ / 2026.02.07 Gifu WordPress Meetup
torounit
0
180
StrandsとNeptuneを使ってナレッジグラフを構築する
yakumo
1
110
こんなところでも(地味に)活躍するImage Modeさんを知ってるかい?- Image Mode for OpenShift -
tsukaman
0
130
IaaS/SaaS管理における SREの実践 - SRE Kaigi 2026
bbqallstars
4
2.2k
[CV勉強会@関東 World Model 読み会] Orbis: Overcoming Challenges of Long-Horizon Prediction in Driving World Models (Mousakhan+, NeurIPS 2025)
abemii
0
130
Contract One Engineering Unit 紹介資料
sansan33
PRO
0
13k
We Built for Predictability; The Workloads Didn’t Care
stahnma
0
140
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
10k
15 years with Rails and DDD (AI Edition)
andrzejkrzywda
0
190
30万人の同時アクセスに耐えたい!新サービスの盤石なリリースを支える負荷試験 / SRE Kaigi 2026
genda
4
1.3k
Featured
See All Featured
Code Reviewing Like a Champion
maltzj
527
40k
Become a Pro
speakerdeck
PRO
31
5.8k
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
akashhashmi
0
270
Statistics for Hackers
jakevdp
799
230k
Six Lessons from altMBA
skipperchong
29
4.1k
Exploring the relationship between traditional SERPs and Gen AI search
raygrieselhuber
PRO
2
3.6k
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
tomoyanonymous
2
420
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
25
1.7k
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
ryanjones
0
61
Collaborative Software Design: How to facilitate domain modelling decisions
baasie
0
140
Mobile First: as difficult as doing things right
swwweet
225
10k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
34
2.6k
Transcript
Securing your software supply chain Anatomie einer DevSecOps Pipeline 1
Storytime 2
3 The way of the Code
The castle illusion 4
5 The way of the Code
6 The way of the Code
Code reviews 7
Signing git commits 8
9 The way of the Code
The dependency iceberg 10
Automation is king 11 • FindBugs • SonarQube • SAST/DAST
• Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation
12 The way of the Code
13 The key to the kingdom
14 Current situation deploy
15 Zero-Trust Deployment IAM deploy poll
16 Policy trumps checks IAM deploy poll
codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:
+49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant
[email protected]
www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17
nbyl
rocketmartue
tatsukoni
torounit
yakumo
tsukaman
bbqallstars
abemii
sansan33
stahnma
fullkaiten
andrzejkrzywda
genda
maltzj
speakerdeck
akashhashmi
jakevdp
skipperchong
raygrieselhuber
tomoyanonymous
honnibal
ryanjones
baasie
swwweet
jcasabona
