安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

Tsuyoshi Miyake

May 18, 2022

16

安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です

Tsuyoshi Miyake

May 18, 2022

Tweet

More Decks by Tsuyoshi Miyake

See All by Tsuyoshi Miyake

JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022

0

310

猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3

0

21

猿でもわかる DevOps / a-monkeys-guide-to-devops

0

680

はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2

0

220

はじめての JFrog Distribution / getting-started-with-jfrog-distribution

0

140

はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines

0

160

はじめての JFrog Xray / getting-started-with-jfrog-xray

0

1.3k

はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory

0

790

はじめての JFrog Platform / getting-started-with-jfrog-platform

0

730

Other Decks in Technology

See All in Technology

VS CodeでAWSを操作しよう

7

1.6k

どうするコスト最適化のトレードオフ

1

480

Azure犬駆動開発の記録/GlobalAzureFukuoka2024_20240420

1

200

ChatGPT for IT Service Management (IT Pro)

7

1.5k

最近たまに見かけるTiDBってなんだ？ - Findy

2

760

チームでロジカルシンキングに改めて向き合っている話〜学習環境と実践⽅法〜

1

1.1k

FrontDoorとWebAppsを組み合わせた際のリダイレクト処理の注意点

kenichirokimura

1

480

ワールドカフェI ／チューターを改良する / World Café I and Improving the Tutors

0

110

Databricks における『MLOps』

databricksjapan

2

160

エンジニア候補者向け資料2024.04.24.pdf

0

3.3k

開発生産性向上サービスを作るFindyが自分たちで開発生産性を爆上げした組織づくりの歩み / Findy's path to boosting its own development productivity 2024-04-17

3

600

Kernel MemoryでAzure OpenAI Serviceとお手軽データソース連携

1

180

Featured

See All Featured

No one is an island. Learnings from fostering a developers community.

16

2.1k

Creating an realtime collaboration tool: Agile Flush - .NET Oxford

14

1.5k

Building a Modern Day  E-commerce SEO Strategy

17

6.4k

A better future with KSS

231

16k

Designing Dashboards & Data Visualisations in Web Apps

226

51k

3

540

Designing for humans not robots

248

25k

Bootstrapping a Software Product

302

110k

I Don’t Have Time: Getting Over the Fear to Launch Your Podcast

21

1.6k

Web Components: a chance to create the future

305

41k

[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails

2

1.3k

Bash Introduction

604

210k

Transcript

DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake [email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!