Developer-First Security という考え方 / Introduction to Developer-First Security

by Takashi Yoneuchi

Slide 1

Slide 1 text

%FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ -0$"-%FWFMPQFS%BZ0OMJOF`4FDVSJUZ :0/&6$)* 5BLBTIJ IUUQTTIJGUKTJOGP

Slide 2

Slide 2 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ XIPBNJ ৄࡉ͸IUUQTTIJGUKTJOGPʹ͋Γ·͢ ‣ ถ಺وࢤ :0/&6$)* 5BLBTIJ ‣ גࣜձࣾ'MBUU4FDVSJUZࣥߦ໾һ$50 ‣ ʮ։ൃऀͷͨΊͷɺ։ൃऀʹدΓఴͬͨηΩϡ ϦςΟʯΛୈҰٛͱͯ͠ಇ͍͍ͯ·͢ ‣ ੈͷதͷʢಛʹΠϯϋ΢εͷʣϓϩμΫτνʔ Ϝ͕҆৺ͯ͠ಇ͚ΔੈքΛ࡞Γ͍ͨͰ͢ ‣ ஶॻͳͲ ‣ ʰ8FCϒϥ΢βηΩϡϦςΟʱ ‣ ʰৄղηΩϡϦςΟίϯςετʱ ‣ ๺ւಓ۴࿏ࢢग़਎

Slide 3

Slide 3 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ‣ ࢲ͕ॳΊͯࢀՃٕͨ͠ज़ษڧձ͸-%%'BMMʢ۴࿏։࠵ʣͰͨ͠😌 ‣ ͋Ε͔Β೥ޙͷ͍·ɺ·ͨ͜͏͍͏ܗͰؔΘΕ͍ͯΔͷ͕خ͍͠Ͱ͢ɻ ࢲͱ-0$"-%&7&-01&3%": IUUQTMNUTXBMMPXIBUFOBEJBSZPSHFOUSZ

Slide 4

Slide 4 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ

Slide 5

Slide 5 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ 🤔 ͜Ε͸Կʁ

Slide 6

Slide 6 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ %FWFMPQFS'JSTU4FDVSJUZͱ͸ ‣ ։ൃऀͷ׆ಈݍʹͱ͚͜ΜͰ͍͘4FDVSJUZ ‣ ։ൃऀͷٕज़ελοΫʹͱ͚͜ΜͰ͍͘4FDVSJUZ ‣ ։ൃऀͷखݩʹͱ͚͜ΜͰ͍͘4FDVSJUZ 1 2 3 ࠓ೔࿩͢͜ͱʢͷ಄ग़͠ʣ %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ-0$"-%FWFMPQFS%BZ0OMJOF`4FDVSJUZ

Slide 7

Slide 7 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ αΠόʔηΩϡϦςΟྖҬ͸޿େ 5IF.BQPG$ZCFSTFDVSJUZ%PNBJOTΑΓҾ༻ IUUQTXXXMJOLFEJODPNQVMTFDZCFSTFDVSJUZEPNBJONBQWFSIFOSZKJBOH

Slide 8

Slide 8 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ։ൃऀ ηΩϡϦςΟ ܥͷ؅ཧ෦໳ ίʔϙϨʔτ*5 ෦໳ ӡ༻ऀ ηΩϡϦςΟ ݚڀऀ ؂ࠪ ΝʔϜ ඪ४Խஂମ $*40΍ ͦͷଞܦӦ૚ ߈ܸऀ ൜ࡑ૊৫ ࠃՈ ڭҭऀ ৘ใηΩϡϦςΟʹ͸ ༷ʑͳΞΫλʔ͕ଘࡏ ηΩϡϦςΟ ϕϯμ

Slide 9

Slide 9 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ։ൃऀ ηΩϡϦςΟ ܥͷ؅ཧ෦໳ ίʔϙϨʔτ*5 ෦໳ ӡ༻ऀ ηΩϡϦςΟ ݚڀऀ ؂ࠪ ΝʔϜ $*40΍ ͦͷଞܦӦ૚ ߈ܸऀ ൜ࡑ૊৫ ࠃՈ ৘ใηΩϡϦςΟʹ͸ ༷ʑͳΞΫλʔ͕ଘࡏ ηΩϡϦςΟ ϕϯμ ڭҭऀ ඪ४Խஂମ ͜Ε·Ͱࣗ෼͕ ޲͖߹͖ͬͯͨ͜ͱ

Slide 10

Slide 10 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ։ൃऀ ηΩϡϦςΟ ܥͷ؅ཧ෦໳ ίʔϙϨʔτ*5 ෦໳ ӡ༻ऀ ηΩϡϦςΟ ݚڀऀ ؂ࠪ ΝʔϜ $*40΍ ͦͷଞܦӦ૚ ߈ܸऀ ൜ࡑ૊৫ ࠃՈ ৘ใηΩϡϦςΟʹ͸ ༷ʑͳΞΫλʔ͕ଘࡏ ηΩϡϦςΟ ϕϯμ IUUQTGMBUUUFDILFOSP ڭҭऀ ඪ४Խஂମ ͜Ε·Ͱࣗ෼͕ ޲͖߹͖ͬͯͨ͜ͱ

Slide 11

Slide 11 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ։ൃऀ ηΩϡϦςΟ ܥͷ؅ཧ෦໳ ίʔϙϨʔτ*5 ෦໳ ӡ༻ऀ ηΩϡϦςΟ ݚڀऀ ؂ࠪ ΝʔϜ ηΩϡϦςΟ ϕϯμ $*40΍ ͦͷଞܦӦ૚ ߈ܸऀ ൜ࡑ૊৫ ࠃՈ ڭҭऀ ৘ใηΩϡϦςΟʹ͸ ༷ʑͳΞΫλʔ͕ଘࡏ ඪ४Խஂମ ͜Ε·Ͱࣗ෼͕ ޲͖߹͖ͬͯͨ͜ͱ

Slide 12

Slide 12 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ։ൃऀ ηΩϡϦςΟ ܥͷ؅ཧ෦໳ ίʔϙϨʔτ*5 ෦໳ ӡ༻ऀ ηΩϡϦςΟ ݚڀऀ ؂ࠪ ΝʔϜ ηΩϡϦςΟ ϕϯμ $*40΍ ͦͷଞܦӦ૚ ߈ܸऀ ൜ࡑ૊৫ ࠃՈ ڭҭऀ ৘ใηΩϡϦςΟʹ͸ ༷ʑͳΞΫλʔ͕ଘࡏ IUUQTCVHTDISPNJVNPSHQDISPNJVNJTTVFTEFUBJM JE IUUQTQPSUTXJHHFSOFUEBJMZTXJHCMJOESFHFYJOKFDUJPOUIFPSFUJDBM FYQMPJUPGGFSTOFXXBZUPGPSDFXFCBQQTUPTQJMMTFDSFUT ඪ४Խஂମ ͜Ε·Ͱࣗ෼͕ ޲͖߹͖ͬͯͨ͜ͱ

Slide 13

Slide 13 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ։ൃऀ ηΩϡϦςΟ ܥͷ؅ཧ෦໳ ίʔϙϨʔτ*5 ෦໳ ӡ༻ऀ ηΩϡϦςΟ ݚڀऀ ؂ࠪ ΝʔϜ ηΩϡϦςΟ ϕϯμ $*40΍ ͦͷଞܦӦ૚ ߈ܸऀ ൜ࡑ૊৫ ࠃՈ ৘ใηΩϡϦςΟʹ͸ ༷ʑͳΞΫλʔ͕ଘࡏ ڭҭऀ ඪ४Խஂମ ͜Ε·Ͱࣗ෼͕ ޲͖߹͖ͬͯͨ͜ͱ

Slide 14

Slide 14 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ։ൃऀ ηΩϡϦςΟ ܥͷ؅ཧ෦໳ ίʔϙϨʔτ*5 ෦໳ ӡ༻ऀ ηΩϡϦςΟ ݚڀऀ ؂ࠪ ΝʔϜ ηΩϡϦςΟ ϕϯμ $*40΍ ͦͷଞܦӦ૚ ߈ܸऀ ൜ࡑ૊৫ ࠃՈ ৘ใηΩϡϦςΟʹ͸ ༷ʑͳΞΫλʔ͕ଘࡏ IUUQTGMBUUUFDIBTTFTTNFOUEFUBJM ڭҭऀ ඪ४Խஂମ ͜Ε·Ͱࣗ෼͕ ޲͖߹͖ͬͯͨ͜ͱ

Slide 15

Slide 15 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ։ൃऀ ηΩϡϦςΟ ܥͷ؅ཧ෦໳ ίʔϙϨʔτ*5 ෦໳ ӡ༻ऀ ηΩϡϦςΟ ݚڀऀ ؂ࠪ ΝʔϜ $*40΍ ͦͷଞܦӦ૚ ߈ܸऀ ൜ࡑ૊৫ ࠃՈ ৘ใηΩϡϦςΟʹ͸ ༷ʑͳΞΫλʔ͕ଘࡏ ηΩϡϦςΟ ϕϯμ ڭҭऀ ඪ४Խஂମ TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ͜Ε·Ͱࣗ෼͕ ޲͖߹͖ͬͯͨ͜ͱ

Slide 16

Slide 16 text

Slide 17

Slide 17 text

Slide 18

Slide 18 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ίʔϙϨʔτ*5 ෦໳ ηΩϡϦςΟ ܥͷ؅ཧ෦໳ ৘ใηΩϡϦςΟʹ͸ ༷ʑͳΞΫλʔ͕ଘࡏ ։ൃऀ ӡ༻ऀ ηΩϡϦςΟ ݚڀऀ ؂ࠪ ΝʔϜ ඪ४Խஂମ ઃܭऀ $*40΍ ͦͷଞܦӦ૚ ߈ܸऀ ൜ࡑ૊৫ ࠃՈ γϑτϨϑτΛਪ͠ਐΊΔͱ ࠨͷ΄͏ʹ͍Δઃܭɾ։ൃऀʹ͍͍ۙͮͯ͘ ηΩϡϦςΟ ϕϯμ ڭҭऀ ܦݧΛܦͯಘͨ খ͞ͳؾ෇͖

Slide 19

Slide 19 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ίʔϙϨʔτ*5 ෦໳ ηΩϡϦςΟ ܥͷ؅ཧ෦໳ ৘ใηΩϡϦςΟʹ͸ ༷ʑͳΞΫλʔ͕ଘࡏ ։ൃऀ ӡ༻ऀ ηΩϡϦςΟ ݚڀऀ ؂ࠪ ΝʔϜ ඪ४Խஂମ ઃܭऀ $*40΍ ͦͷଞܦӦ૚ ߈ܸऀ ൜ࡑ૊৫ ࠃՈ γϑτϨϑτΛਪ͠ਐΊΔͱ ࠨͷ΄͏ʹ͍Δઃܭɾ։ൃऀʹ͍͍ۙͮͯ͘ ʜ͕ɺ௕Β͘ʮΈΜͳ౰ͨΓલʹ࢖͏΋ͷʯ͸ੜ·Εͯ͜ͳ͔ͬͨ ηΩϡϦςΟ ϕϯμ ڭҭऀ ܦݧΛܦͯಘͨ খ͞ͳؾ෇͖

Slide 20

Slide 20 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ‣ ͙͢࢖͑ͳ͍ɾཁٻίετ͕ലେ 1 ηΩϡϦςΟϓϩμΫτʹΑ͋͘Δ՝୊ ‣ 69͕ৗਓ޲͚Ͱ͸ͳ͍ 2 ‣ ։ൃऀͷ؀ڥʹͳ͡·ͳ͍ 3

Slide 21

Slide 21 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ελʔτΞοϓͷ༂ਐ IUUQTSDEFWCMPHSDTFSJFTCGVOEJOH IUUQTTOZLJPOFXTTOZLBEWBODFTEFWFMPQFSGJSTUTFDVSJUZXJUITFSJFTFJOWFTUNFOU ͦΜͳதɺۙ೥͸։ൃऀ޲͚ͷηΩϡϦςΟϓϩμΫτͰ େ͖ͳ੒௕Λ਱͛ΔελʔτΞοϓ΋ݱΕΔΑ͏ʹ

Slide 22

Slide 22 text

Slide 23

Slide 23 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ‣ ։ൃऀͷ׆ಈݍʹͱ͚͜ΜͰ͍͘ ‣ ։ൃऀͷٕज़ελοΫʹͱ͚͜ΜͰ͍͘ ‣ ։ൃऀͷखݩʹͱ͚͜ΜͰ͍͘ ༂ਐΛ਱͛Δ൴Βʹڞ௨͢Δͷ͸ ҎԼͷΑ͏ͳ%FWFMPQFS'JSTUͳߟ͑ํ 1 2 3 ϙΠϯτ

Slide 24

Slide 24 text

։ൃऀͷ׆ಈݍʹͱ͚͜Ή ηΩϡϦςΟϓϩμΫτ $IBQUFS

Slide 25

Slide 25 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ‣ ։ൃऀͷ׆ಈݍʹͱ͚͜ΜͰ͍͘ ༂ਐΛ਱͛Δ൴Βʹڞ௨͢Δͷ͸ ҎԼͷΑ͏ͳ%FWFMPQFS'JSTUͳߟ͑ํ ϙΠϯτ ‣ ։ൃऀͷٕज़ελοΫʹͱ͚͜ΜͰ͍͘ ‣ ։ൃऀͷखݩʹͱ͚͜ΜͰ͍͘ 1 2 3

Slide 26

Slide 26 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ‣ ։ൃऀͷීஈͷϫʔΫϑϩʔ͔Β֎ΕΔͱɺश׳తͳར༻ʹ͸ͭͳ͕Βͳ͍ ‣ ։ൃऀͷηΩϡϦςΟ΁ͷؔ৺΍ߦಈΛҾ͖ग़͢ʹ͸ɺ։ൃऀͷ׆ಈݍͷதʹ͏ ·͘૊ΈࠐΊΔ͜ͱ͕લఏͰ͋Δͱࢥͬͯ΋Α͍ ։ൃऀͷ׆ಈݍͷத΁ ։ൃऀ

Slide 27

Slide 27 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ 4OZL ։ൃऀͷ׆ಈݍ΁ͷੵۃతͳࢀೖ ίʔυϗεςΟϯάαʔϏεͱ͏·͘࿈ܞͯ͠ վળͷΞΫγϣϯ·ͰΛαϙʔτ

Slide 28

Slide 28 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ (JU)VC ։ൃऀͷ׆ಈݍ΁ͷੵۃతͳࢀೖ ։ൃऀͷ׆ಈݍͷத৺Ͱ ਺ଟ͘ͷηΩϡϦςΟػೳΛల։

Slide 29

Slide 29 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ (JU)VC ։ൃऀͷ׆ಈݍ΁ͷੵۃతͳࢀೖ मਖ਼ͷ1VMM3FRVFTUԽ·Ͱαϙʔτ

Slide 30

Slide 30 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ 4UBDL)BXL ։ൃऀͷ׆ಈݍ΁ͷੵۃతͳࢀೖ $*ͷதʹͰ͖Δ͚ͩ׈Β͔ʹ%"45Λར༻Ͱ͖ΔΑ͏ͳ࢓૊Έ

Slide 31

Slide 31 text

։ൃऀͷٕज़ελοΫʹͱ͚͜Ή ηΩϡϦςΟϓϩμΫτ $IBQUFS

Slide 32

Slide 32 text

Slide 33

Slide 33 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ‣ Ϋϥ΢υωΠςΟϒٕज़पล͸ۙ೥੝Γ্͕ΓΛݟ͍ͤͯΔ ‣ ͜ͷΑ͏ͳٕज़ಛ༗ͷ՝୊ͷղܾ΍ɺ͜ͷΑ͏ͳٕज़ελοΫͷ্͔ͩΒͦ͜Մ ೳͱͳΔηΩϡϦςΟϓϥΫςΟεͷ࣮ݱͷͨΊʹɺଟ͘ͷϓϨΠϠʔ͕ࢀೖத Ϋϥ΢υωΠςΟϒٕज़ͱͷ༥࿨ IUUQTXXXQBMPBMUPOFUXPSLTDPN QSJTNBDMPVE IUUQTXXX[TDBMFSDPNQSPEVDUT [TDBMFSDMPVEQSPUFDUJPO IUUQTPSDBTFDVSJUZ IUUQTXXXBRVBTFDDPN ;TDBMFS $MPVE1SPUFDUJPO 1SJTNB$MPVE "RVB4FDVSJUZ 0SDB4FDVSJUZ

Slide 34

Slide 34 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ։ൃऀʹدΓఴͬͨମݧ ଟ͘ͷπʔϧΛ044ͱͯ͠ల։͠ɺ ίϛϡχςΟʹڧ͘ߩݙ͍ͯ͠Δ

Slide 35

Slide 35 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ೝূॲཧͷαʔϏεԽ IUUQTXXXBVUIMFUFDPN IUUQTBVUIDPN IUUQTB[VSFNJDSPTPGUDPNFOVTTFSWJDFTBDUJWF EJSFDUPSZFYUFSOBMJEFOUJUJFTCD ೝূʹؔ͢Δཁ݅͸Α͘ෳࡶʹͳΔ࣮૷͕໰୊ͷԹচʹͳΔ ͜͜Λ͏·͘ࢧ͑ΔϓϥοτϑΥʔϜ͕༻ྫΛ૿΍͍ͯ͠Δ "[VSF"%#$ "VUI "VUIMFUF

Slide 36

Slide 36 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ։ൃऀʹدΓఴͬͨମݧ ແྉ൛͸౰વͷΑ͏ʹɾ௚ͪʹ࢖͑Δ ࣮Ϣʔεέʔεผʹίʔυྫ΋ఏڙ

Slide 37

Slide 37 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ೝՄॲཧͷαʔϏεԽ IUUQTTBOENBOIFSPLVBQQDPN IUUQTBVUI[FEDPN IUUQTCVJMETFDVSJUZ ॊೈͳೝՄΛ؆ܿʹ࣮૷͢ΔͨΊͷίϯϙʔωϯτΛ ఏڙ͢Δ໺৺తͳاۀ΋ݱΕ͍ͯΔ CVJMETFDVSJUZ BVUI[FE 1SPKFDU4BOEDBTUMF "VUI

Slide 38

Slide 38 text

։ൃऀͷखݩʹͱ͚͜Ή ηΩϡϦςΟϓϩμΫτ $IBQUFS

Slide 39

Slide 39 text

Slide 40

Slide 40 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ։ൃऀ ηΩϡϦςΟ ܥͷ؅ཧ෦໳ ίʔϙϨʔτ*5 ෦໳ ӡ༻ऀ ηΩϡϦςΟ ݚڀऀ ؂ࠪ ΝʔϜ ඪ४Խஂମ ઃܭऀ $*40΍ ͦͷଞܦӦ૚ ߈ܸऀ ൜ࡑ૊৫ ࠃՈ %FW0QT͸͜ͷΞΫλʔؒͷ ༥࿨ͷͨΊͷϓϥΫςΟε ৘ใηΩϡϦςΟʹ͸ ༷ʑͳΞΫλʔ͕ଘࡏ ηΩϡϦςΟ ϕϯμ ڭҭऀ

Slide 41

Slide 41 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ‣ %FW0QTͷՃ଎͸0QTʢӡ༻νʔϜʣͷऔΓѻ͍ͬͯͨ΋ͷ͕ιϑτ΢ΣΞత ʹऔΓѻ͑ΔΑ͏ʹͳͬͨ͜ͱɺͱΓΘ͚ίʔυͰදݱՄೳͳ΋ͷʹมԽͨ͜͠ ͱʹେ͖͘ࢧ͑ΒΕ͍ͯΔͱ͍ͬͯ΋աݴͰ͸ͳ͍ɻ %FW0QTͷਐԽΛࢧٕ͑ͨज़ resource "google_container_cluster" "challenge_cluster" { name = "challenges" location = "asia-northeast1" initial_node_count = 1 cluster_autoscaling { enabled = true resource_limits { resource_type = "cpu" minimum = 3 maximum = 32 } resource_limits { resource_type = "memory" minimum = 3 maximum = 32 } } ...

Slide 42

Slide 42 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ։ൃऀ ηΩϡϦςΟ ܥͷ؅ཧ෦໳ ίʔϙϨʔτ*5 ෦໳ ӡ༻ऀ ηΩϡϦςΟ ݚڀऀ ؂ࠪ ΝʔϜ $*40΍ ͦͷଞܦӦ૚ ߈ܸऀ ൜ࡑ૊৫ ࠃՈ ৘ใηΩϡϦςΟʹ͸ ༷ʑͳΞΫλʔ͕ଘࡏ ηΩϡϦςΟ ϕϯμ ڭҭऀ %FW4FD0QT͸ ͜ͷลͷ༥࿨ͷͨΊͷϓϥΫςΟε ඪ४Խஂମ

Slide 43

Slide 43 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ‣ %FW0QTͷՃ଎0QTʢӡ༻νʔϜʣͷऔΓѻ͍ͬͯͨ΋ͷ͕ιϑτ΢ΣΞతʹ औΓѻ͑ΔΑ͏ʹͳͬͨ͜ͱɺͱΓΘ͚ίʔυͰදݱՄೳͳ΋ͷʹมԽͨ͜͠ͱ ʹେ͖͘ࢧ͑ΒΕ͍ͯΔͱ͍ͬͯ΋աݴͰ͸ͳ͍ɻ %FW0QTͷਐԽΛࢧٕ͑ͨज़ resource "google_container_cluster" "challenge_cluster" { name = "challenges" location = "asia-northeast1" initial_node_count = 1 cluster_autoscaling { enabled = true resource_limits { resource_type = "cpu" minimum = 3 maximum = 32 } resource_limits { resource_type = "memory" minimum = 3 maximum = 32 } } ...

Slide 44

Slide 44 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ‣ 4FDʢηΩϡϦςΟνʔϜʣͷऔΓѻ͍ͬͯͨ΋ͷ͕ιϑτ΢ΣΞతʹऔΓѻ͑ ΔΑ͏ʹͳΔͱ͖ɺ͜ͱίʔυͰදݱՄೳͳ΋ͷʹมԽͨ͠ͱ͖ʹ͸ɺΑΓ %FW΍0QTͱ4FDͱͷ༥࿨͕ਐΈ΍͘͢ͳΔͱ͍͏ྨਪ͕Ͱ͖Δ ‣ ։ൃνʔϜͱηΩϡϦςΟνʔϜͱͷڠಇͷͨΊͷഔମͱͯ͠ίʔυΛհ͢Δ 1PMJDZBT$PEFͱΑ΂ΔΞϓϩʔνΛਪਐ͢ΔϓϩμΫτ΋૿͑ͭͭ͋Δ %FW4FD0QTΛࢧ͑ͭͭ͋Δٕज़ IUUQTBQPMJDZJP IUUQTDZSBMDPN "QPMJDZ $ZSBM

Slide 45

Slide 45 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ 1PMJDZBT$PEF ϙϦγʔͷΠϝʔδ ٕज़తର৅ʹؔ͢ΔϙϦγʔΛίʔυͱͯ͠දݱ͢Δख๏ version: '1' rules: - id: 'unencrypted-ebs-volume' language: hcl message: | There was unencrypted EBS module. pattern: | resource "aws_ebs_volume" :[NAME] { :[...X] } constraints: - target: X should: not-match pattern: | encrypted = true rewrite: | resource "aws_ebs_volume" :[NAME] { :[X] encrypted = true }

Slide 46

Slide 46 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ 0QFO1PMJDZ"HFOU IUUQTXXXPQFOQPMJDZBHFOUPSHEPDTWΑΓҾ༻ ‣ ൚༻ੑͷߴ͍ϙϦγʔΤϯδϯ ‣ 3FHPͱ͍͏%4-ΑΓʹهड़͞ΕͨϙϦ γʔΛݩʹɺ͋Δ৘ใʢ2VFSZʣ͕ϙϦγʔʹ ରͯ͠Ϛον͢Δ͔ͷ൑அʢ%FDJTJPOʣΛߦ͏ ͜ͱ͕Ͱ͖Δ ‣ ൑அͷͨΊͷϩδοΫͱ൑அ݁Ռʹґଘ͢Δ ϩδοΫ͕෼཭͞ΕΔʢ1PMJDZ%FDPVQMJOHʣ ‣ ར༻ྫ ‣ (BUFLFFQFS,VCFSOFUFTϫʔΫϩʔυͷอޢ ͷͨΊͷ࢓૊Έ ‣ $POGUFTU,VCFSOFUFTϚχϑΣετͷςετ ͷͨΊͷπʔϧ

Slide 47

Slide 47 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ (BUFLFFQFS 0QFO1PMJDZ"HFOUΛݩʹͨ͠γεςϜ package deny_host_network violation[{"msg": msg, "details": {}}]{ input.review.object.spec.hostNetwork msg := sprintf("hostNetwork is prohibited", []) } apiVersion: v1 kind: Pod metadata: name: example labels: app: example spec: hostNetwork: true containers: - name: nginx image: nginx ports: - containerPort: 9001 hostPort: 9001 3FHPͰهड़͞ΕͨϙϦγʔ ϙϦγʔʹै͏΂͖,VCFSOFUFT.BOJGFTU $ kubectl apply ...͸ࣦഊ͢Δɻ ະવʹϙϦγʔʹԊΘͳ͍Ϧιʔεͷ ࡞੒Λ๷͙͜ͱ͕Ͱ͖Δ😌

Slide 48

Slide 48 text

Slide 49

Slide 49 text

Slide 50

Slide 50 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ *O4QFD IUUQTHJUIVCDPNJOTQFDJOTQFD Πϯϑϥʹର͢ΔςετΛίʔυͱͯ͠هड़͢ΔͨΊͷπʔϧ

Slide 51

Slide 51 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ 4FNHSFQ IUUQTTFNHSFQEFW ίʔυʹର͢ΔϙϦγʔΛ:".-Ͱهड़ɾݕূͰ͖Δπʔϧ ίϛϡχςΟͰϙϦγʔΛڞ༗͢ΔͨΊͷ࢓૊ΈͳͲ΋ఏڙ IUUQTTFNHSFQEFWS

Slide 52

Slide 52 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ 4IJTIP ίʔυʹର͢ΔϙϦγʔهड़ɾ௒ߴ଎ͳݕূΛՄೳʹ͢Δπʔϧ ͦΕʹجͮ͘αʔϏεʢΛ࡞͍ͬͯ·͢ʣ IUUQTEPDTTIJTIPEFW IUUQTTIJTIPEFW

Slide 53

Slide 53 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ 4IJTIP Α͘ͳ͍ίʔυϓϥΫςΟεΛஔ׵͢Δϧʔϧ ஔ׵ର৅ͷίʔυ 4IJTIPʹΑΔ໰୊ݕग़ͷ༷ࢠ ฏͨ͘ݴ͑͹-JOUFSͷϧʔϧΛ௒؆୯ʹࣗ࡞Ͱ͖Δ΍ͭͰɺ ίʔσΟϯάʹؔ͢ΔόουϓϥΫςΟεΛίʔυԽͰ͖·͢

Slide 54

Slide 54 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ‣ )BTIJ$PSQ4FOUJOFM͸1PMJDZBT$PEFͷར఺ΛҎԼͷΑ͏ʹ੔ཧ͍ͯ͠Δ IUUQTEPDTIBTIJDPSQDPNTFOUJOFMDPODFQUTQPMJDZBTDPEF ‣ 4BOECPYJOH؀ڥͷΨʔυϨʔϧͱͯ͠ϙϦγʔ͕ར༻Ͱ͖ΔΑ͏ʹͳΔ ‣ $PEJpDBUJPOίʔυԽ͞ΕΔ͜ͱͰϙϦγʔ͕໌֬ʹͳΔ ‣ 7FSTJPO$POUSPMόʔδϣϯ؅ཧͷର৅ʹͳΔ ‣ 5FTUJOHϙϦγʔʹهड़͞Ε͍ͯΔ͜ͱ΋ςετՄೳͳର৅ʹͳΔ ‣ "VUPNBUJPOࣗಈԽπʔϧͰऔΓѻ͑Δର৅ʹͳΔ ‣ 1PMJDZBT$PEF͸ʮηΩϡϦςΟνʔϜͷ஌ݟ΍࢓ࣄΛදݱ͢ΔͨΊͷํ๏ʯ Ͱ͋ΓɺʮηΩϡϦςΟͱ͍͏࢓ࣄͷର৅ԽʯͰ͋Δ 1PMJDZBT$PEF͕΋ͨΒ͢΋ͷ

Slide 55

Slide 55 text

ηΩϡϦςΟΛΤϯδχΞϦϯά͢Δ $IBQUFS

Slide 56

Slide 56 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ‣ ։ൃऀͷ׆ಈݍʹͱ͚͜ΜͰ͍͘ ‣ ։ൃऀͷٕज़ελοΫʹͱ͚͜ΜͰ͍͘ ‣ ։ൃऀͷखݩʹͱ͚͜ΜͰ͍͘ ༂ਐΛ਱͛Δ൴Βʹڞ௨͢Δͷ͸ ҎԼͷΑ͏ͳ%FWFMPQFS'JSTUͳߟ͑ํ 1 2 3 ৼΓฦΓ

Slide 57

Slide 57 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ‣ %FW4FD0QT΍γϑτϨϑτΛਪਐ͢Δจ຺ͷதʹ͓͍ͯɺηΩϡϦςΟઐ໳Ո ʹٻΊΒΕΔߦಈ͸ɺগͣͭ͠ม༰͖ͯͨ͠ͷͩͱࢥ͏ ‣ ͜ΕΒͷߦಈ͸ࠓͰ΋୭΋͕౰ͨΓલʹ࣮ફͰ͖͍ͯΔΘ͚Ͱ͸ͳ͍ ‣ ͜Ε͸%FW0QT͕͔ͭͯ౰ͨΓલͰͳ͔ͬͨͷͱಉ͜͡ͱ ‣ ઌड़ͷΑ͏ʹ4FD%FW0QTΛ༥࿨͢ΔͨΊͷςΫϊϩδͷෆ଍ͳͲ͕ҰҼ ηΩϡϦςΟઐ໳Ոz΁ͷظ଴ͷมԽ ઐ໳Ոͱͯ͠܅ྟ͢Δ ։ൃऀͷԕ͘Ͱಇ͘ ஌ࣝΛϓϩμΫτͷܗͰຽओԽ͢Δ ։ൃऀͱڠಇ͢Δ ։ൃऀͱҧ͏࢓ࣄΛ͢Δ ։ൃऀͱಉ͡ର৅Λѻ͏ ηΩϡϦςΟͷਓ ηΩϡϦςΟΛ ΤϯδχΞϦϯά͢Δਓ

Slide 58

Slide 58 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ XIPBNJ ৄࡉ͸IUUQTTIJGUKTJOGPʹ͋Γ·͢ ‣ ถ಺وࢤ :0/&6$)* 5BLBTIJ ‣ ๺ւಓ۴࿏ࢢग़਎ ‣ גࣜձࣾ'MBUU4FDVSJUZࣥߦ໾һ$50 ‣ ʮ։ൃऀͷͨΊͷɺ։ൃऀʹدΓఴͬͨηΩϡ ϦςΟʯΛୈҰٛͱͯ͠ಇ͍͍ͯ·͢ ‣ ੈͷதͷʢಛʹΠϯϋ΢εͷʣϓϩμΫτνʔ Ϝ͕҆৺ͯ͠ಇ͚ΔੈքΛ࡞Γ͍ͨͰ͢ ‣ ஶॻͳͲ ‣ ʰ8FCϒϥ΢βηΩϡϦςΟʱ ‣ ʰৄղηΩϡϦςΟίϯςετʱ

Slide 59

Slide 59 text

Slide 60

Slide 60 text

TIJGUKTJOGP %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ ‣ ։ൃऀͷ׆ಈݍʹͱ͚͜ΜͰ͍͘4FDVSJUZ ‣ ։ൃऀͷٕज़ελοΫʹͱ͚͜ΜͰ͍͘4FDVSJUZ ‣ ։ൃऀͷखݩʹͱ͚͜ΜͰ͍͘4FDVSJUZ 1 2 3 ,FZ5BLFBXBZ %FWFMPQFS'JSTU4FDVSJUZͱ͍͏ߟ͑ํ-0$"-%FWFMPQFS%BZ0OMJOF`4FDVSJUZ %FWFMPQFS'JSTU4FDVSJUZͱ͸