Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...
Search
Tsuyoshi Miyake
May 18, 2022
Technology
0
24
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog
2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です
Tsuyoshi Miyake
May 18, 2022
Tweet
Share
More Decks by Tsuyoshi Miyake
See All by Tsuyoshi Miyake
JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022
tsuyo
0
360
猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3
tsuyo
0
41
猿でもわかる DevOps / a-monkeys-guide-to-devops
tsuyo
0
720
はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2
tsuyo
0
270
はじめての JFrog Distribution / getting-started-with-jfrog-distribution
tsuyo
0
150
はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines
tsuyo
0
180
はじめての JFrog Xray / getting-started-with-jfrog-xray
tsuyo
0
1.4k
はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory
tsuyo
0
890
はじめての JFrog Platform / getting-started-with-jfrog-platform
tsuyo
0
750
Other Decks in Technology
See All in Technology
スクラムチームを立ち上げる〜チーム開発で得られたもの・得られなかったもの〜
ohnoeight
2
350
誰も全体を知らない ~ ロールの垣根を超えて引き上げる開発生産性 / Boosting Development Productivity Across Roles
kakehashi
1
220
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
120
Making your applications cross-environment - OSCG 2024 NA
salaboy
0
180
【Startup CTO of the Year 2024 / Audience Award】アセンド取締役CTO 丹羽健
niwatakeru
0
990
IBC 2024 動画技術関連レポート / IBC 2024 Report
cyberagentdevelopers
PRO
0
110
Evangelismo técnico: ¿qué, cómo y por qué?
trishagee
0
360
ドメイン名の終活について - JPAAWG 7th -
mikit
33
20k
iOSチームとAndroidチームでブランチ運用が違ったので整理してます
sansantech
PRO
0
130
ノーコードデータ分析ツールで体験する時系列データ分析超入門
negi111111
0
410
[CV勉強会@関東 ECCV2024 読み会] オンラインマッピング x トラッキング MapTracker: Tracking with Strided Memory Fusion for Consistent Vector HD Mapping (Chen+, ECCV24)
abemii
0
220
AIチャットボット開発への生成AI活用
ryomrt
0
170
Featured
See All Featured
Automating Front-end Workflow
addyosmani
1366
200k
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k
Rails Girls Zürich Keynote
gr2m
94
13k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.2k
Fireside Chat
paigeccino
34
3k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Docker and Python
trallard
40
3.1k
Building a Scalable Design System with Sketch
lauravandoore
459
33k
Product Roadmaps are Hard
iamctodd
PRO
49
11k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.2k
KATA
mclloyd
29
14k
Transcript
DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake
[email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!