Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Securing your software supply chain
Search
Nicolas Byl
April 17, 2020
Technology
0
250
Securing your software supply chain
Nicolas Byl
April 17, 2020
Tweet
Share
More Decks by Nicolas Byl
See All by Nicolas Byl
Die Flucht aus der Prototypen-Hölle
nbyl
0
11
Lean Prototyping for Industrial-IoT Projects
nbyl
0
16
DevSecOps - Vom Unikum zur gut geölten Maschine
nbyl
0
68
Keeping-Up-WithUpstream.pdf
nbyl
0
91
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
85
Securing the "other" supply chain
nbyl
0
200
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
110
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
90
It's the developers, stupid!
nbyl
0
120
Other Decks in Technology
See All in Technology
WebアプリケーションにおけるPDOの使い方入門 / phpcon odawara 2024
meihei3
2
430
[PlatformCon 24] Platform Orchestrators: The Missing Middle of Internal Developer Platforms?
danielbryantuk
1
180
検証を通して見えてきたTiDBの性能特性
lycorptech_jp
PRO
6
3.3k
DevOpsメトリクスとアウトカムの接続にトライ!開発プロセスを通して計測できるメトリクスの活用方法
ham0215
1
190
**強い**エンジニアのなり方 - フィードバックサイクルを勝ち取る / grow one day each day
soudai
61
18k
2024/4/26 コンピュータ歴史博物館解説告知
toshi_atsumi
0
200
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs (QCon London)
inesmontani
PRO
1
150
Vertex AI を中心に 生成AIのアップデートを共有します
kaz1437
0
120
元インフラエンジニアに成る / Human Resources to Human Relations
bobtani
3
780
OpenTelemetry を使ったトレースエグザンプラーの活用 / otel-trace-exemplar
k6s4i53rx
2
630
Oracle Cloud Infrastructure:2024年4月度サービス・アップデート
oracle4engineer
PRO
1
110
スタートアップの技術顧問を3年間続けて発生した事と気付き
biwakonbu
0
160
Featured
See All Featured
The Art of Programming - Codeland 2020
erikaheidi
41
12k
Navigating Team Friction
lara
177
13k
How GitHub (no longer) Works
holman
304
140k
Why You Should Never Use an ORM
jnunemaker
PRO
50
8.6k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
15
1.4k
Docker and Python
trallard
33
2.7k
GraphQLの誤解/rethinking-graphql
sonatard
50
9.2k
Code Reviewing Like a Champion
maltzj
513
39k
How To Stay Up To Date on Web Technology
chriscoyier
782
250k
In The Pink: A Labor of Love
frogandcode
138
21k
Intergalactic Javascript Robots from Outer Space
tanoku
266
26k
StorybookのUI Testing Handbookを読んだ
zakiyama
11
4.6k
Transcript
Securing your software supply chain Anatomie einer DevSecOps Pipeline 1
Storytime 2
3 The way of the Code
The castle illusion 4
5 The way of the Code
6 The way of the Code
Code reviews 7
Signing git commits 8
9 The way of the Code
The dependency iceberg 10
Automation is king 11 • FindBugs • SonarQube • SAST/DAST
• Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation
12 The way of the Code
13 The key to the kingdom
14 Current situation deploy
15 Zero-Trust Deployment IAM deploy poll
16 Policy trumps checks IAM deploy poll
codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:
+49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant
[email protected]
www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17
nbyl
meihei3
danielbryantuk
lycorptech_jp
ham0215
soudai
toshi_atsumi
inesmontani
kaz1437
bobtani
k6s4i53rx
oracle4engineer
biwakonbu
erikaheidi
lara
holman
jnunemaker
bcantrill
trallard
sonatard
maltzj
chriscoyier
frogandcode
tanoku
zakiyama
