安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です

Tsuyoshi Miyake

May 18, 2022

More Decks by Tsuyoshi Miyake

See All by Tsuyoshi Miyake

JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022

0

460

猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3

0

94

猿でもわかる DevOps / a-monkeys-guide-to-devops

0

870

はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2

0

420

はじめての JFrog Distribution / getting-started-with-jfrog-distribution

0

200

はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines

0

240

はじめての JFrog Xray / getting-started-with-jfrog-xray

0

1.6k

はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory

0

1.2k

はじめての JFrog Platform / getting-started-with-jfrog-platform

0

860

Other Decks in Technology

See All in Technology

Mastering Ruby Box

3

140

タクシーアプリ『GO』の実践的データ活用

2

110

電子辞書Brainをネットに繋げてみた(自力編)

0

430

AI-DLCを活用した高品質・安全なAI駆動開発実践 / AI Driven Development

1

330

脅威をエンジニアリングの糧にして：恐怖を乗り越えた先にあったもの / Turn threats into fuel for engineering: what lay beyond overcoming fear

1

380

【Gen-AX】20260530開催_JJUG CCC 2026 Spring

0

400

AI Adaptable なテストを整える工夫 / Ways to Make Your Tests AI-Adaptable

PRO

2

210

オンコールの負荷軽減のためのBits Assistant 活用方法 / How to Use Bits Assistant to Reduce the Workload on On-Call Staff

1

380

Claude Codeを組織で使いこなす— サーバサイドAIエージェント運用の実践知

PRO

0

190

ルールやカスタム機能、どう使う？理想の出力を引き出すために今知りたいIBM Bob 5つの機能

1

310

AIを「創る」と「使う」の循環 — HRテックが実践するリアルなAI組織実装

0

1.1k

AI Engineering Summit Tokyo 2026 AIの前に、やることがある〜医療データ企業の4フェーズ〜

0

1.4k

Featured

See All Featured

GraphQLの誤解/rethinking-graphql

75

12k

Build your cross-platform service in a week with App Engine

234

18k

Information Architects: The Missing Link in Design Systems

0

960

Mozcon NYC 2025: Stop Losing SEO Traffic

1

250

[SF Ruby Conf 2025] Rails X

2

1.1k

SEO Brein meetup: CTRL+C is not how to scale international SEO

1

2.7k

Claude Code のすすめ

67

220k

[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails

38

2.9k

Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum

0

560

AI in Enterprises - Java and Open Source to the Rescue

0

1.3k

Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline

PRO

0

190

SEO in 2025: How to Prepare for the Future of Search

3

3.5k

Transcript

DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake [email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!