Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog
Search
Tsuyoshi Miyake
May 18, 2022
Technology
0
19
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog
2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です
Tsuyoshi Miyake
May 18, 2022
Tweet
Share
More Decks by Tsuyoshi Miyake
See All by Tsuyoshi Miyake
JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022
tsuyo
0
340
猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3
tsuyo
0
29
猿でもわかる DevOps / a-monkeys-guide-to-devops
tsuyo
0
700
はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2
tsuyo
0
240
はじめての JFrog Distribution / getting-started-with-jfrog-distribution
tsuyo
0
150
はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines
tsuyo
0
160
はじめての JFrog Xray / getting-started-with-jfrog-xray
tsuyo
0
1.3k
はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory
tsuyo
0
830
はじめての JFrog Platform / getting-started-with-jfrog-platform
tsuyo
0
740
Other Decks in Technology
See All in Technology
AWSサービスメニュー開発をしていてAWSを好きだ!と感じた瞬間
toru_kubota
0
130
Azure OpenAI Service Dev Day / LLMでできる!使える!生成AIエージェント
masahiro_nishimi
3
800
What is DRE? - Road to SRE NEXT@広島
chanyou0311
3
630
dxd2024-生成AIに振り回された3か月間の成功と失敗/dxd2024-link-and-motivation
lmi
2
260
ABEMAにおけるLLMを用いたコンテンツベース推薦システム導入と効果検証
cyberagentdevelopers
PRO
1
750
LLMアプリケーションの評価の実践と課題 ~PharmaXにおける今後の展望~
pharma_x_tech
2
170
[NIKKEI Tech Talk] KDDI/KAG Scrum & Community for Engineering Training
curanosuke
2
220
LINE WORKSへ簡単通知!Incoming Webhookアプリの紹介
mmclsntr
0
110
AWSでRAGを作る法方
sonoda_mj
1
140
データ分析基盤を作ってみよう~設計編~
nrinetcom
PRO
1
110
[2024最新版]AWS Control Towerを使ったセキュアなマルチアカウント環境の作り方
hiashisan
0
270
AWSで”最小権限の原則”を実現するための考え方 /20240722-ssmjp-aws-least-privilege
opelab
10
4.4k
Featured
See All Featured
Design by the Numbers
sachag
277
18k
WebSockets: Embracing the real-time Web
robhawkes
59
7.2k
How GitHub (no longer) Works
holman
305
140k
Clear Off the Table
cherdarchuk
89
320k
Keith and Marios Guide to Fast Websites
keithpitt
408
22k
Art, The Web, and Tiny UX
lynnandtonic
291
20k
Building Adaptive Systems
keathley
34
2k
Web Components: a chance to create the future
zenorocha
307
41k
Designing for humans not robots
tammielis
247
25k
Adopting Sorbet at Scale
ufuk
71
8.8k
Reflections from 52 weeks, 52 projects
jeffersonlam
346
19k
Optimising Largest Contentful Paint
csswizardry
18
2.6k
Transcript
DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake
[email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!