Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Securing your software supply chain
Search
Nicolas Byl
April 17, 2020
Technology
0
360
Securing your software supply chain
Nicolas Byl
April 17, 2020
Tweet
Share
More Decks by Nicolas Byl
See All by Nicolas Byl
Platform Engineering ❤️ Developer Experience
nbyl
0
7
Die Flucht aus der Prototypen-Hölle
nbyl
0
43
Lean Prototyping for Industrial-IoT Projects
nbyl
0
43
DevSecOps - Vom Unikum zur gut geölten Maschine
nbyl
0
99
Keeping-Up-WithUpstream.pdf
nbyl
0
160
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
120
Securing the "other" supply chain
nbyl
0
270
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
190
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
130
Other Decks in Technology
See All in Technology
AWS Top Engineer、浮いてませんか? / As an AWS Top Engineer, Are You Out of Place?
yuj1osm
2
220
物体検出モデルでシイタケの収穫時期を自動判定してみた。 #devio2025
lamaglama39
0
150
Introduction to Sansan Meishi Maker Development Engineer
sansan33
PRO
0
310
名刺メーカーDevグループ 紹介資料
sansan33
PRO
0
930
20251014_Pythonを実務で徹底的に使いこなした話
ippei0923
0
200
カンファレンスに託児サポートがあるということ / Having Childcare Support at Conferences
nobu09
1
580
[Keynote] What do you need to know about DevEx in 2025
salaboy
0
180
アイテムレビュー機能導入からの学びと改善
zozotech
PRO
0
170
Contract One Engineering Unit 紹介資料
sansan33
PRO
0
8.8k
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
sansan33
PRO
0
2.8k
Railsの話をしよう
yahonda
0
150
これがLambdaレス時代のChatOpsだ!実例で学ぶAmazon Q Developerカスタムアクション活用法
iwamot
PRO
8
1.1k
Featured
See All Featured
The Cult of Friendly URLs
andyhume
79
6.6k
Automating Front-end Workflow
addyosmani
1371
200k
GraphQLの誤解/rethinking-graphql
sonatard
73
11k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
140
34k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
1.7k
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
Learning to Love Humans: Emotional Interface Design
aarron
274
41k
What's in a price? How to price your products and services
michaelherold
246
12k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
35
6.1k
How GitHub (no longer) Works
holman
315
140k
A better future with KSS
kneath
239
18k
Designing Experiences People Love
moore
142
24k
Transcript
Securing your software supply chain Anatomie einer DevSecOps Pipeline 1
Storytime 2
3 The way of the Code
The castle illusion 4
5 The way of the Code
6 The way of the Code
Code reviews 7
Signing git commits 8
9 The way of the Code
The dependency iceberg 10
Automation is king 11 • FindBugs • SonarQube • SAST/DAST
• Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation
12 The way of the Code
13 The key to the kingdom
14 Current situation deploy
15 Zero-Trust Deployment IAM deploy poll
16 Policy trumps checks IAM deploy poll
codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:
+49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant
[email protected]
www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17
nbyl
yuj1osm
.jpg){kind=avatar}
lamaglama39
sansan33
ippei0923
nobu09
salaboy
zozotech
yahonda
iwamot
andyhume
addyosmani
sonatard
eileencodes
reverentgeek
keavy
aarron
michaelherold
kevinliebholz
holman
kneath
moore
