Slide 1

Slide 1 text

JFrog Xray Getting Started with JFrog Xray

Slide 2

Slide 2 text

Webinar, Q&A, Chat

Slide 3

Slide 3 text

§ Sr. DevOps Acceleration Engineer @JFrog § DevOps Liquid Software § @tsuyoshi_miyake

Slide 4

Slide 4 text

DevSecOps Overview JFrog Xray Xray Xray Q&A

Slide 5

Slide 5 text

DevSecOps Overview

Slide 6

Slide 6 text

DevSecOps § DevSecOps = DevOps Security § DevOps § (#SecurityFirst) SECURITY

Slide 7

Slide 7 text

OSS ● ● ● DevSecOps OSS

Slide 8

Slide 8 text

DevSecOps § CI/CD § Shift Left

Slide 9

Slide 9 text

Shift Left § IDE

Slide 10

Slide 10 text

JFrog Xray

Slide 11

Slide 11 text

24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST RELEASE DEPLOY On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO JFrog Platform

Slide 12

Slide 12 text

Xray Artifactory Software Composition Analysis (SCA) Docker zip VulnDB REST API CLI IDE CI SaaS (AWS Azure GCP)

Slide 13

Slide 13 text

13

Slide 14

Slide 14 text

Xray

Slide 15

Slide 15 text

Xray INDEXING RESOURCES POLICIES RULES WATCHES

Slide 16

Slide 16 text

Xray WATCHES POLICIES JFrog ARTIFACTORY Security License JFrog XRAY Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo

Slide 17

Slide 17 text

17

Slide 18

Slide 18 text

ARTIFACTORY XRAY NEW ARTIFACT INDEXING SCANNING SETUP POLICY RULES CREATE AUTOMATIC ACTIONS FAIL BUILD NOTIFICATION CRITICAL VIOLATION MINOR VIOLATION

Slide 19

Slide 19 text

XRAY SCANNING SETUP POLICY RULES CREATE AUTOMATIC ACTIONS FAIL BUILD NOTIFICATION CRITICAL VIOLATION MINOR VIOLATION METADATA DB UPDATE

Slide 20

Slide 20 text

● ● Xray ● Xray

Slide 21

Slide 21 text

Policy § Policy § Rule § Rule Security Policy License Policy Min Severity Level Rule 1 Min Severity Level Rule 2 Allow/Banned licenses Rule 1 Allow/Banned licenses Rule 2

Slide 22

Slide 22 text

Rule § (Low, Medium, High) § Webhook (Slack, Splunk, JIRA etc.) § Fail Build

Slide 23

Slide 23 text

Watch § Policy § Watch § Policy Rule Policy § Policy Rule Watch Watch Policy Policy Policy Policy Policy Policy

Slide 24

Slide 24 text

§ § § § § § 24

Slide 25

Slide 25 text

Xray § GUI § REST API § JFrog CLI § CI § IDE

Slide 26

Slide 26 text

Xray

Slide 27

Slide 27 text

IDE Interfaces 1 Remote Repositories 2 ARTIFACTORY 3 4 XRAY External Data Sources 5 CI Servers DRONE VCS 6 Build Tools/Dependency Managers MSBuild 7 8 9 10 Fail Build Provisioning Tools 11 12 DISTRIBUTION ARTIFACTORY EDGE ARTIFACTORY EDGE ARTIFACTORY EDGE

Slide 28

Slide 28 text

(Shift Left) CODE BUILD PRODUCTION MONITOR/LEARN RELEASE/DISTRIBUTION

Slide 29

Slide 29 text

CODE BUILD PRODUCTION MONITOR/LEARN RELEASE/DISTRIBUTION

Slide 30

Slide 30 text

CODE BUILD PRODUCTION MONITOR/LEARN RELEASE/DISTRIBUTION

Slide 31

Slide 31 text

CODE BUILD PRODUCTION MONITOR/LEARN RELEASE/DISTRIBUTION

Slide 32

Slide 32 text

CODE BUILD PRODUCTION MONITOR/LEARN RELEASE/DISTRIBUTION

Slide 33

Slide 33 text

No content

Slide 34

Slide 34 text

Q&A

Slide 35

Slide 35 text

THANK YOU!