Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...
Search
Tsuyoshi Miyake
May 18, 2022
Technology
0
25
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog
2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です
Tsuyoshi Miyake
May 18, 2022
Tweet
Share
More Decks by Tsuyoshi Miyake
See All by Tsuyoshi Miyake
JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022
tsuyo
0
380
猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3
tsuyo
0
45
猿でもわかる DevOps / a-monkeys-guide-to-devops
tsuyo
0
740
はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2
tsuyo
0
300
はじめての JFrog Distribution / getting-started-with-jfrog-distribution
tsuyo
0
160
はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines
tsuyo
0
190
はじめての JFrog Xray / getting-started-with-jfrog-xray
tsuyo
0
1.4k
はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory
tsuyo
0
950
はじめての JFrog Platform / getting-started-with-jfrog-platform
tsuyo
0
760
Other Decks in Technology
See All in Technology
Охота на косуль у древних
ashapiro
0
110
4th place solution Eedi - Mining Misconceptions in Mathematics
rist
0
150
脳波を用いた嗜好マッチングシステム
hokkey621
0
290
データエンジニアリング領域におけるDuckDBのユースケース
chanyou0311
9
2.2k
AWS Well-Architected Frameworkで学ぶAmazon ECSのセキュリティ対策
umekou
2
150
ExaDB-XSで利用されているExadata Exascaleについて
oracle4engineer
PRO
3
260
What's new in Go 1.24?
ciarana
1
110
わたしがEMとして入社した「最初の100日」の過ごし方 / EMConfJp2025
daiksy
14
5.1k
【内製開発Summit 2025】イオンスマートテクノロジーの内製化組織の作り方/In-house-development-summit-AST
aeonpeople
2
680
EDRの検知の仕組みと検知回避について
chayakonanaika
12
4.9k
【詳説】コンテンツ配信 システムの複数機能 基盤への拡張
hatena
0
260
Oracle Database Technology Night #87-1 : Exadata Database Service on Exascale Infrastructure(ExaDB-XS)サービス詳細
oracle4engineer
PRO
1
180
Featured
See All Featured
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Agile that works and the tools we love
rasmusluckow
328
21k
Reflections from 52 weeks, 52 projects
jeffersonlam
348
20k
Six Lessons from altMBA
skipperchong
27
3.6k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
How to train your dragon (web standard)
notwaldorf
91
5.9k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
49k
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
Unsuck your backbone
ammeep
669
57k
Speed Design
sergeychernyshev
27
810
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
30
2.2k
The Art of Programming - Codeland 2020
erikaheidi
53
13k
Transcript
DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake
[email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!