
Securing your software supply chain

Nicolas Byl

April 17, 2020

Transcript

  1. Securing your software supply chain
    Anatomy of a DevSecOps Pipeline

  2. Storytime

  3. The way of the Code

  4. The castle illusion

  5. The way of the Code

  6. The way of the Code

  7. Code reviews

  8. Signing git commits

  9. The way of the Code

  10. The dependency iceberg

  11. Automation is king
    Source Code Analysis:
    • FindBugs
    • SonarQube
    • SAST/DAST
    Dependency Analysis:
    • Maven, NPM, ...
    • Container Images
    • Operating System
    Update Automation:
    • npm audit
    • Dependabot
    • Renovate

  12. The way of the Code

  13. The key to the kingdom

  14. Current situation
    Diagram labels: deploy

  15. Zero-Trust Deployment
    Diagram labels: IAM, deploy, poll

  16. Policy trumps checks
    Diagram labels: IAM, deploy, poll

  17. codecentric AG
    Kreuznacher Straße 30
    60486 Frankfurt am Main
    Phone: +49 (0) 173.731 02 40
    Nicolas Byl
    Senior Cloud Consultant
    [email protected]
    www.codecentric.de
    Innovative - Trustful - Competent - Pragmatic