Slide 1: Securing your software supply chain: Anatomy of a DevSecOps Pipeline
Slide 2: Storytime
Slide 3: The way of the Code
Slide 4: The castle illusion
Slide 5: The way of the Code
Slide 6: The way of the Code
Slide 7: Code reviews
Slide 8: Signing git commits
Slide 9: The way of the Code
Slide 10: The dependency iceberg
Slide 11: Automation is king
  Source Code Analysis: FindBugs, SonarQube, SAST/DAST
  Dependency Analysis: Maven, NPM, ...; Container Images; Operating System
  Update Automation: npm audit, Dependabot, Renovate
Slide 12: The way of the Code
Slide 13: The key to the kingdom
Slide 14: Current situation (diagram label: deploy)
Slide 15: Zero-Trust Deployment (diagram labels: IAM, deploy, poll)
Slide 16: Policy trumps checks (diagram labels: IAM, deploy, poll)
Slide 17: codecentric AG, Kreuznacher Straße 30, 60486 Frankfurt am Main. Phone: +49 (0) 173.731 02 40. Nicolas Byl, Senior Cloud Consultant, [email protected], www.codecentric.de. Innovative - Trustful - Competent - Pragmatic