Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...
Search
Tsuyoshi Miyake
May 18, 2022
Technology
53
0
Share
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog
2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です
Tsuyoshi Miyake
May 18, 2022
More Decks by Tsuyoshi Miyake
See All by Tsuyoshi Miyake
JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022
tsuyo
0
460
猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3
tsuyo
0
91
猿でもわかる DevOps / a-monkeys-guide-to-devops
tsuyo
0
870
はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2
tsuyo
0
420
はじめての JFrog Distribution / getting-started-with-jfrog-distribution
tsuyo
0
200
はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines
tsuyo
0
240
はじめての JFrog Xray / getting-started-with-jfrog-xray
tsuyo
0
1.6k
はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory
tsuyo
0
1.2k
はじめての JFrog Platform / getting-started-with-jfrog-platform
tsuyo
0
850
Other Decks in Technology
See All in Technology
インプロセスQAのための要因から捉えるプロジェクトリスクマネジメントnano #1 開発リソース効率状態への対処 #jasstnano
barus_qa
0
150
R&D 祭 2024 UE5で絵コンテ・作画の制作支援ツールをつくる話
olmdrd
PRO
0
180
障害対応のRunbookは作った、でも本当に動くの? AWS FIS で EKS の AZ 障害を再現してみた
tk3fftk
0
100
PdM・Eng・QAで進めるAI駆動開発の現在地/aidd-with-pdm-eng-qa
shota_kusaba
0
250
Swift Sequence の便利 API 再発見
treastrain
1
290
20260516_SecJAWS_Days
takuyay0ne
2
440
JaSSTに関わることで変わった人生観 #jasstnano
makky_tyuyan
0
110
【関西製造業祭り2026春】現場を変える技術はここまで来た〜世界最大の製造業見本市から持って帰ってきたもの〜
tanakaseiya
0
170
Terragrunt x Snowflake + dbt で作るマルチテナントなデータ基盤構築プラットフォーム
gak_t12
0
260
生成AI時代に信頼性をどう保ち続けるか - Policy as Code の実践
akitok_
1
470
いつの間にかデータエンジニア以外の業務も増えていたけど、意外と経験が役に立ってる
zozotech
PRO
0
640
React Compiler導入から21ヶ月、いま始めるならこうやる
astatsuya
2
210
Featured
See All Featured
SEO for Brand Visibility & Recognition
aleyda
0
4.5k
We Are The Robots
honzajavorek
0
230
The Spectacular Lies of Maps
axbom
PRO
1
740
We Have a Design System, Now What?
morganepeng
55
8.1k
Side Projects
sachag
455
43k
エンジニアに許された特別な時間の終わり
watany
106
240k
Color Theory Basics | Prateek | Gurzu
gurzu
0
310
sira's awesome portfolio website redesign presentation
elsirapls
0
240
Data-driven link building: lessons from a $708K investment (BrightonSEO talk)
szymonslowik
1
1.1k
Applied NLP in the Age of Generative AI
inesmontani
PRO
4
2.2k
Why Our Code Smells
bkeepers
PRO
340
58k
Odyssey Design
rkendrick25
PRO
2
620
Transcript
DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake
[email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!
tsuyo
barus_qa
olmdrd
tk3fftk
.jpg){kind=avatar}
shota_kusaba
treastrain
takuyay0ne
makky_tyuyan
tanakaseiya
gak_t12
akitok_
zozotech
astatsuya
aleyda
honzajavorek
axbom
morganepeng
sachag
watany
gurzu
elsirapls
szymonslowik
inesmontani
bkeepers
rkendrick25
