
Getting Started with JFrog Xray / getting-started-with-jfrog-xray

This webinar gives an overview of JFrog Xray, the security service of the JFrog Platform. Two sessions ago (recording and slides) we covered DevSecOps in general and the JFrog Platform as the platform for putting it into practice. There we discussed how the excellent software that developers create can be delivered to end users "as quickly, safely and reliably as possible", and how JFrog has redefined this flow around the "binary" to make that happen.
JFrog Xray is a Software Composition Analysis (SCA) product built from the ground up to deliver the "Sec" in DevSecOps within this vision, and it can be used right away as an add-on to Artifactory. We particularly welcome participants who want to learn JFrog Xray from the basics.


Tsuyoshi Miyake

September 03, 2021

Transcript

  1. Getting Started with JFrog Xray
  2. Housekeeping: Webinar, Q&A, Chat
  3. Speaker: Sr. DevOps Acceleration Engineer @JFrog; DevOps; Liquid Software; @tsuyoshi_miyake, miyaket@jfrog.com
  4. Agenda: DevSecOps Overview; JFrog Xray; Xray; Xray; Q&A
  5. DevSecOps Overview
  6. DevSecOps = DevOps Security (#SecurityFirst); SECURITY
  7. OSS; DevSecOps and OSS
  8. DevSecOps; CI/CD; Shift Left
  9. Shift Left; IDE
  10. JFrog Xray
  11. JFrog Platform: BUILD, TEST, RELEASE, DEPLOY; On Premises & Multicloud; VCS; ACCESS, FEDERATION, ACL, SSO; 24/7 Dedicated Support + DevOps Acceleration Service Arm
  12. Xray: Artifactory; Software Composition Analysis (SCA); Docker; zip; VulnDB; REST API; CLI; IDE; CI; SaaS (AWS, Azure, GCP)
  13. (slide image only; no recoverable text)
  14. Xray
  15. Xray: INDEXING RESOURCES; POLICIES; RULES; WATCHES
  16. Xray: WATCHES; POLICIES; JFrog ARTIFACTORY; Security; License; JFrog XRAY; Fail Build; Web Hooks, Slack, Emails; XUC (Xray Update Center); Bundle; Build; Repo
  17. (slide image only; no recoverable text)
  18. ARTIFACTORY / XRAY: NEW ARTIFACT; INDEXING; SCANNING; SETUP POLICY RULES; CREATE AUTOMATIC ACTIONS; FAIL BUILD; NOTIFICATION; CRITICAL VIOLATION; MINOR VIOLATION
  19. XRAY: SCANNING; SETUP POLICY RULES; CREATE AUTOMATIC ACTIONS; FAIL BUILD; NOTIFICATION; CRITICAL VIOLATION; MINOR VIOLATION; METADATA DB UPDATE
  20. Xray (bullet text not recoverable)
  21. Policy / Rule: Security Policy (Min Severity Level Rule 1, Min Severity Level Rule 2); License Policy (Allow/Banned licenses Rule 1, Allow/Banned licenses Rule 2)
  22. Rule: severity (Low, Medium, High); Webhook (Slack, Splunk, JIRA etc.); Fail Build
  23. Watch: Watch, Policy, Policy Rule
  24. (bullet text not recoverable)
  25. Xray interfaces: GUI; REST API; JFrog CLI; CI; IDE
  26. Xray
  27. Architecture: IDE Interfaces; Remote Repositories; ARTIFACTORY; XRAY; External Data Sources; CI Servers (DRONE); VCS; Build Tools/Dependency Managers (MSBuild); Fail Build; Provisioning Tools; DISTRIBUTION; ARTIFACTORY EDGE
  28. (Shift Left) CODE, BUILD, RELEASE/DISTRIBUTION, PRODUCTION, MONITOR/LEARN
  29. CODE, BUILD, RELEASE/DISTRIBUTION, PRODUCTION, MONITOR/LEARN
  30. CODE, BUILD, RELEASE/DISTRIBUTION, PRODUCTION, MONITOR/LEARN
  31. CODE, BUILD, RELEASE/DISTRIBUTION, PRODUCTION, MONITOR/LEARN
  32. CODE, BUILD, RELEASE/DISTRIBUTION, PRODUCTION, MONITOR/LEARN
  33. None
  34. Q&A
  35. THANK YOU!