Upgrade to Pro — share decks privately, control downloads, hide ads and more …

はじめての JFrog Xray / getting-started-with-jfrog-xray

Tsuyoshi Miyake
August 12, 2021
Technology
0
1.3k

はじめての JFrog Xray / getting-started-with-jfrog-xray

 本ウェビナーでは JFrog Platform のセキュリティサービス JFrog Xray の概要についてお話します。前々回(録画・スライド)は DevSecOps の概要とそれを実現するためのプラットフォームである JFrog Platform のお話をしました。そこでは開発者が作成した素晴らしいソフトウェアを「いかに迅速に安全に安定して」エンドユーザーに届けることができるか、その実現のために JFrog は「バイナリ」を中心にこのフローを再定義してきたというお話をしました。
 JFrog Xray はこのビジョンのうち DevSecOps の “Sec” を実現するために一から開発された Software Composition Analysis (SCA) のプロダクトで、Artifactory にアドオンする形ですぐにご利用いただけます。この機会に JFrog Xray を基礎から学んでみたい方を中心にご参加をお待ちしております。

Tsuyoshi Miyake

August 12, 2021
Tweet

More Decks by Tsuyoshi Miyake

See All by Tsuyoshi Miyake
JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022
tsuyo
0
310
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog
tsuyo
0
16
猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3
tsuyo
0
21
猿でもわかる DevOps / a-monkeys-guide-to-devops
tsuyo
0
680
はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2
tsuyo
0
220
はじめての JFrog Distribution / getting-started-with-jfrog-distribution
tsuyo
0
140
はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines
tsuyo
0
160
はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory
tsuyo
0
790
はじめての JFrog Platform / getting-started-with-jfrog-platform
tsuyo
0
730

Other Decks in Technology

See All in Technology
ChatworkのSRE部って実は 半分くらいPlatform Engineering部かもしれない
saramune
0
160
検証を通して見えてきたTiDBの性能特性
lycorptech_jp
PRO
6
3.8k
ChatGPT for IT Service Management (IT Pro)
dahatake
7
1.6k
地理空間データ可視化・解析・活用ソリューション Pacific Spatial Solutions (PSS)
pacificspatialsolutions
0
290
FrontDoorとWebAppsを組み合わせた際のリダイレクト処理の注意点
kenichirokimura
1
530
LayerXにおけるLLMプロダクト開発の今までとこれから
layerx
PRO
1
370
ServiceNow Knowledge 24の歩き方 EYストラテジー・アンド・コンサルティング
manarobot
0
200
20240418_Google ColabにLLMが搭載されたようなのでPython x データ分析の勉強方法を考えてみる
doradora09
0
140
Gitlab本から学んだこと - そーだいなるプレイバック / gitlab-book
soudai
4
440
Delivering Millions of Messages within seconds @ Duolingo
pelelgrino
0
350
Building Dashboards as a Hobby
egmc
0
230
Java EE/Jakarta EEの現状と将来 ―クラウドネイティブ時代にJava EEは対応できるのか?―
takakiyo
1
170

Featured

See All Featured
Bootstrapping a Software Product
garrettdimon
PRO
302
110k
BBQ
matthewcrist
80
8.8k
KATA
mclloyd
15
12k
Practical Orchestrator
shlominoach
182
9.7k
Unsuck your backbone
ammeep
663
57k
Rebuilding a faster, lazier Slack
samanthasiow
73
8.2k
GitHub's CSS Performance
jonrohan
1025
450k
Fashionably flexible responsive web design (full day workshop)
malarkey
398
65k
Embracing the Ebb and Flow
colly
80
4.1k
Web development in the modern age
philhawksworth
202
10k
What's in a price? How to price your products and services
michaelherold
237
11k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
20
1.9k

Transcript

  1. JFrog Xray Getting Started with JFrog Xray

  2. 2 § Webinar Ø § § Q&A Ø Ø Chat

  3. 3 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps

    Liquid Software § @tsuyoshi_miyake [email protected]

  4. DevSecOps Overview JFrog Xray Xray Xray Q&A 4

  5. 5 DevSecOps Overview

  6. DevSecOps § DevSecOps = DevOps Security § DevOps § (#SecurityFirst)

    6 SECURITY

  7. OSS • • • DevSecOps OSS

  8. DevSecOps § CI/CD § Shift Left § 8

  9. Shift Left § § § § IDE 9

  10. 10 JFrog Xray

  11. 24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST

    RELEASE DEPLOY On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO JFrog Platform

  12. Xray 12 Artifactory Software Composition Analysis (SCA Docker zip VulnDB

    REST API CLI IDE CI SaaS (AWS Azure GCP)

  13. 13

  14. 14 Xray

  15. Xray 15 INDEXING RESOURCES POLICIES RULES WATCHES

  16. Xray 16 WATCHES POLICIES JFrog ARTIFACTORY Security License JFrog XRAY

    Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo

  17. 17

  18. 18 ARTIFACTORY XRAY NEW ARTIFACT INDEXING SCANNING SETUP POLICY RULES

    CREATE AUTOMATIC ACTIONS FAIL BUILD NOTIFICATION CRITICAL VIOLATION MINOR VIOLATION

  19. 19 XRAY SCANNING SETUP POLICY RULES CREATE AUTOMATIC ACTIONS FAIL

    BUILD NOTIFICATION CRITICAL VIOLATION MINOR VIOLATION METADATA DB UPDATE

  20. • • Xray • Xray

  21. Policy § Policy § Rule § § Rule § §

    21 Security Policy License Policy Min Severity Level Rule 1 Min Severity Level Rule 2 Allow/ Banned licenses Rule 1 Allow/ Banned licenses Rule 2

  22. Rule § § (Low, Medium, High) § § Webhook (Slack,

    Splunk, JIRA etc.) § § § § Fail Build 22

  23. Watch § § Policy § Watch § Policy Rule Policy

    § Policy Rule 23 Watch Watch Policy Policy Policy Policy Policy Policy

  24. § § § § § § 24

  25. Xray § GUI § REST API § JFrog CLI §

    CI § IDE 25

  26. 26 Xray

  27. 27 IDE Interfaces 1 Remote Repositories 2 ARTIFACTORY 3 4

    XRAY External Data Sources 5 CI Servers DRONE VCS 6 Build Tools/Dependency Managers MSBuild 7 8 9 10 Fail Build Provisioning Tools 11 12 DISTRIBUTION ARTIFACTORY EDGE ARTIFACTORY EDGE ARTIFACTORY EDGE

  28. (Shift Left) 28 CODE BUILD PRODUCTION MONITOR/ LEARN RELEASE/DIS TRIBUTION

  29. 29 CODE BUILD PRODUCTION MONITOR/ LEARN RELEASE/DIS TRIBUTION

  30. 30 CODE BUILD PRODUCTION MONITOR/ LEARN RELEASE/DIS TRIBUTION

  31. 31 CODE BUILD PRODUCTION MONITOR/ LEARN RELEASE/DIS TRIBUTION

  32. 32 CODE BUILD PRODUCTION MONITOR/ LEARN RELEASE/DIS TRIBUTION

  33. None

  34. Q&A

  35. THANK YOU!