Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Securing your software supply chain
Search
Nicolas Byl
April 17, 2020
Technology
380
0
Share
Securing your software supply chain
Nicolas Byl
April 17, 2020
More Decks by Nicolas Byl
See All by Nicolas Byl
Platform Engineering ❤️ Developer Experience
nbyl
0
43
Die Flucht aus der Prototypen-Hölle
nbyl
0
52
Lean Prototyping for Industrial-IoT Projects
nbyl
0
71
DevSecOps - Vom Unikum zur gut geölten Maschine
nbyl
0
120
Keeping-Up-WithUpstream.pdf
nbyl
0
180
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
140
Securing the "other" supply chain
nbyl
0
300
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
210
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
140
Other Decks in Technology
See All in Technology
不確実性と戦いながら見積もりを作成するプロセス/mitsumori-process
hirodragon112
1
190
試されDATA SAPPORO [LT]Claude Codeで「ゆっくりデータ分析」
ishikawa_satoru
0
280
AI前提とはどういうことか
daisuketakeda
0
140
AIを活用したアクセシビリティ改善フロー
degudegu2510
1
150
ふりかえりがなかった職能横断チームにふりかえりを導入してみて学んだこと 〜チームのふりかえりを「みんなで未来を考える場」にするプロローグ設計〜
masahiro1214shimokawa
0
160
Cortex Codeでデータの仕事を全部Agenticにやりきろう!
gappy50
0
320
建設的な現実逃避のしかた / How to practice constructive escapism
pauli
4
280
Oracle AI Databaseデータベース・サービス: BaseDB/ExaDB-Dの可用性
oracle4engineer
PRO
1
140
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
11k
Oracle Cloud Infrastructure(OCI):Onboarding Session(はじめてのOCI/Oracle Supportご利⽤ガイド)
oracle4engineer
PRO
2
17k
2026年度新卒技術研修 サイバーエージェントのデータベース 活用事例とパフォーマンス調査入門
cyberagentdevelopers
PRO
1
1.5k
自分をひらくと次のチャレンジの敷居が下がる
sudoakiy
5
1.9k
Featured
See All Featured
Leading Effective Engineering Teams in the AI Era
addyosmani
9
1.8k
How to Grow Your eCommerce with AI & Automation
katarinadahlin
PRO
1
160
Raft: Consensus for Rubyists
vanstee
141
7.4k
The Organizational Zoo: Understanding Human Behavior Agility Through Metaphoric Constructive Conversations (based on the works of Arthur Shelley, Ph.D)
kimpetersen
PRO
0
300
The SEO Collaboration Effect
kristinabergwall1
0
420
Sam Torres - BigQuery for SEOs
techseoconnect
PRO
0
230
A Soul's Torment
seathinner
5
2.6k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
52
5.9k
So, you think you're a good person
axbom
PRO
2
2k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
122
21k
HU Berlin: Industrial-Strength Natural Language Processing with spaCy and Prodigy
inesmontani
PRO
0
310
Music & Morning Musume
bryan
47
7.1k
Transcript
Securing your software supply chain Anatomie einer DevSecOps Pipeline 1
Storytime 2
3 The way of the Code
The castle illusion 4
5 The way of the Code
6 The way of the Code
Code reviews 7
Signing git commits 8
9 The way of the Code
The dependency iceberg 10
Automation is king 11 • FindBugs • SonarQube • SAST/DAST
• Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation
12 The way of the Code
13 The key to the kingdom
14 Current situation deploy
15 Zero-Trust Deployment IAM deploy poll
16 Policy trumps checks IAM deploy poll
codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:
+49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant
[email protected]
www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17
nbyl
hirodragon112
ishikawa_satoru
daisuketakeda
degudegu2510
masahiro1214shimokawa
gappy50
pauli
oracle4engineer
fullkaiten
cyberagentdevelopers
sudoakiy
addyosmani
katarinadahlin
vanstee
kimpetersen
kristinabergwall1
techseoconnect
seathinner
reverentgeek
axbom
panda_program
inesmontani
bryan
