安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...

Tsuyoshi Miyake

May 18, 2022

45

安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です

Tsuyoshi Miyake

May 18, 2022

Tweet

More Decks by Tsuyoshi Miyake

See All by Tsuyoshi Miyake

JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022

0

440

猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3

0

75

猿でもわかる DevOps / a-monkeys-guide-to-devops

0

820

はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2

0

380

はじめての JFrog Distribution / getting-started-with-jfrog-distribution

0

180

はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines

0

210

はじめての JFrog Xray / getting-started-with-jfrog-xray

0

1.5k

はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory

0

1.1k

はじめての JFrog Platform / getting-started-with-jfrog-platform

0

830

Other Decks in Technology

See All in Technology

【開発を止めるな】機能追加と並行して進めるアーキテクチャ改善/Keep Shipping: Architecture Improvements Without Pausing Dev

PRO

1

120

Snowflake だけで実現する “自立的データ品質管理” ~Data Quality Monitoring 解説 ~@ BUILD Meetup: TOKYO 2025

0

120

【U/Day Tokyo 2025】Cygames流最新スマートフォンゲームの技術設計〜『Shadowverse: Worlds Beyond』におけるアーキテクチャ再設計の挑戦～

PRO

2

1.4k

M&Aで拡大し続けるGENDAのデータ活用を促すためのDatabricks権限管理 / AEON TECH HUB #22

0

230

Connection-based OAuthから学ぶOAuth for AI Agents

0

320

2025年開発生産「可能」性向上報告サイロ解消からチームが能動性を獲得するまで/ 20251216 Naoki Takahashi

PRO

2

220

オープンソースKeycloakのMCP認可サーバの仕様の対応状況 / 20251219 OpenID BizDay #18 LT Keycloak

0

120

Fashion×AI「似合う」を届けるためのWEARのAI戦略

PRO

2

1.1k

Authlete で実装する MCP OAuth 認可サーバー #CIMD の実装を添えて

0

120

1

250

20251219 OpenIDファウンデーション・ジャパン紹介 / OpenID Foundation Japan Intro

0

450

mairuでつくるクレデンシャルレス開発環境 / Credential-less development environment using Mailru

5

590

Featured

See All Featured

Kristin Tynski - Automating Marketing Tasks With AI

PRO

0

110

Game over? The fight for quality and originality in the time of robots

1

65

4 Signs Your Business is Dying

186

22k

Money Talks: Using Revenue to Get Sh*t Done

0

120

Build The Right Thing And Hit Your Dates

38

3k

Ruling the World: When Life Gets Gamed

0

95

Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO

0

22

Paper Plane (Part 1)

PRO

0

1.9k

Jess Joyce - The Pitfalls of Following Frameworks

PRO

1

25

How To Speak Unicorn (iThemes Webinar)

1

340

Lessons Learnt from Crawling 1000+ Websites

0

950

A Modern Web Designer's Workflow

698

190k

Transcript

DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake [email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!