安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...

Tsuyoshi Miyake

May 18, 2022

50

安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です

Tsuyoshi Miyake

May 18, 2022

More Decks by Tsuyoshi Miyake

See All by Tsuyoshi Miyake

JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022

0

460

猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3

0

83

猿でもわかる DevOps / a-monkeys-guide-to-devops

0

850

はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2

0

410

はじめての JFrog Distribution / getting-started-with-jfrog-distribution

0

190

はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines

0

230

はじめての JFrog Xray / getting-started-with-jfrog-xray

0

1.6k

はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory

0

1.2k

はじめての JFrog Platform / getting-started-with-jfrog-platform

0

840

Other Decks in Technology

See All in Technology

Even G2 クイックスタートガイド（日本語版）

0

170

MIX AUDIO EN BROADCAST

0

140

Kubernetesの「隠れメモリ消費」によるNode共倒れと、Request適正化という処方箋

0

170

CREがSLOを握ると何が変わるのか

0

340

Sansanの認証基盤を支えるアーキテクチャとその振り返り

PRO

1

120

FlutterでPiP再生を実装した話

0

240

Microsoft Fabricで考える非構造データのAI活用

0

570

SaaSに宿る21g

2

180

Zephyr(RTOS)でARMとRISC-Vのコア間通信をしてみた

0

120

【社内勉強会】新年度からコーディングエージェントを使いこなす - 構造と制約で引き出すClaude Codeの実践知

35

16k

ThetaOS - A Mythical Machine comes Alive

0

230

Bill One 開発エンジニア紹介資料

PRO

5

18k

Featured

See All Featured

Put a Button on it: Removing Barriers to Going Fast.

60

4.2k

Color Theory Basics | Prateek | Gurzu

0

270

Chrome DevTools: State of the Union 2024 - Debugging React & Beyond

10

1.1k

How to Create Impact in a Changing Tech Landscape [PerfNow 2023]

55

3.3k

Discover your Explorer Soul

2

1.1k

How to Align SEO within the Product Triangle To Get  Buy-In & Support - #RIMC

1

1.5k

Navigating the moral maze — ethical principles for Al-driven product design

2

320

技術選定の審美眼（2025年版） / Understanding the Spiral of Technologies 2025 edition

PRO

118

110k

For a Future-Friendly Web

183

10k

How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT

PRO

1

3.5k

WENDY [Excerpt]

9

37k

Marketing Yourself as an Engineer | Alaka | Gurzu

0

170

Transcript

DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake [email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!