安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...

Tsuyoshi Miyake

May 18, 2022

25

安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です

Tsuyoshi Miyake

May 18, 2022

Tweet

More Decks by Tsuyoshi Miyake

See All by Tsuyoshi Miyake

JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022

0

370

猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3

0

42

猿でもわかる DevOps / a-monkeys-guide-to-devops

0

730

はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2

0

280

はじめての JFrog Distribution / getting-started-with-jfrog-distribution

0

150

はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines

0

180

はじめての JFrog Xray / getting-started-with-jfrog-xray

0

1.4k

はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory

0

900

はじめての JFrog Platform / getting-started-with-jfrog-platform

0

750

Other Decks in Technology

See All in Technology

AWS re:Invent 2024で発表されたコードを書く開発者向け機能について

0

190

複雑性の高いオブジェクト編集に向き合う: プラガブルなReactフォーム設計

0

110

UI State設計とテスト方針

2

450

re:Invent をおうちで楽しんでみた～CloudWatch のオブザーバビリティ機能がスゴい！/ Enjoyed AWS re:Invent from Home and CloudWatch Observability Feature is Amazing!

0

120

多領域インシデントマネジメントへの挑戦：ハードウェアとソフトウェアの融合が生む課題/Challenge to multidisciplinary incident management: Issues created by the fusion of hardware and software

2

100

re:Invent 2024 Innovation Talks(NET201)で語られた大切なこと

0

300

NilAway による静的解析で「10 億ドル」を節約する #kyotogo / Kyoto Go 56th

3

370

20241214_WACATE2024冬_テスト設計技法をチョット俯瞰してみよう

3

440

フロントエンド設計にモブ設計を導入してみた / 20241212_cloudsign_TechFrontMeetup

0

1.9k

10個のフィルタをAXI4-Streamでつなげてみた

0

160

MLOps の現場から

6

630

Amazon SageMaker Unified Studio（Preview）、Lakehouse と Amazon S3 Tables

ishikawa_satoru

0

150

Featured

See All Featured

Large-scale JavaScript Application Architecture

510

110k

GitHub's CSS Performance

1030

460k

StorybookのUI Testing Handbookを読んだ

27

5.3k

sergeychernyshev

25

670

The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024

17

2.3k

Stop Working from a Prison Cell

267

20k

Embracing the Ebb and Flow

84

4.5k

Building Applications with DynamoDB

91

6.1k

4 Signs Your Business is Dying

181

21k

Statistics for Hackers

796

220k

Raft: Consensus for Rubyists

137

6.7k

Unsuck your backbone

669

57k

Transcript

DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake [email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!