Securing your software supply chain
Nicolas Byl
April 17, 2020
Transcript
1. Securing your software supply chain: Anatomy of a DevSecOps Pipeline
2. Storytime
3. The way of the Code
4. The castle illusion
5. The way of the Code
6. The way of the Code
7. Code reviews
8. Signing git commits
9. The way of the Code
10. The dependency iceberg
11. Automation is king
    Source Code Analysis: FindBugs, SonarQube, SAST/DAST
    Dependency Analysis: Maven, NPM, ...; Container Images; Operating System
    Update Automation: npm audit, Dependabot, Renovate
12. The way of the Code
13. The key to the kingdom
14. Current situation (diagram label: deploy)
15. Zero-Trust Deployment (diagram labels: IAM, deploy, poll)
16. Policy trumps checks (diagram labels: IAM, deploy, poll)
17. codecentric AG, Kreuznacher Straße 30, 60486 Frankfurt am Main
    Phone: +49 (0) 173.731 02 40
    Nicolas Byl, Senior Cloud Consultant
    [email protected]
    www.codecentric.de
    Innovative - Trustful - Competent - Pragmatic