安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...

Tsuyoshi Miyake

May 18, 2022

31

安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です

Tsuyoshi Miyake

May 18, 2022

Tweet

More Decks by Tsuyoshi Miyake

See All by Tsuyoshi Miyake

JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022

0

410

猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3

0

57

猿でもわかる DevOps / a-monkeys-guide-to-devops

0

780

はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2

0

330

はじめての JFrog Distribution / getting-started-with-jfrog-distribution

0

160

はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines

0

200

はじめての JFrog Xray / getting-started-with-jfrog-xray

0

1.5k

はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory

0

1k

はじめての JFrog Platform / getting-started-with-jfrog-platform

0

790

Other Decks in Technology

See All in Technology

IAMのマニアックな話 2025を執筆して、見えてきたAWSアカウント管理の現在

4

550

vLLM meetup Tokyo

1

210

技術職じゃない私がVibe Codingで感じた、AGIが身近になる未来

0

120

CI/CDとタスク共有で加速するVibe Coding

0

150

「実体」で築く共通認識: 開発現場のコミュニケーション最適化 / Let's Get on the Same Page with Concrete Artifacts: Optimization of Communication in dev teams

0

140

Model Mondays S2E01: Advanced Reasoning

0

340

DB 醬，嗨！哪泥嘎斯基？

line_developers_tw

0

150

Whats_new_in_Podman_and_CRI-O_2025-06

3

180

Autonomous Database サービス・アップデート (FY25)

oracle4engineer

2

770

AWS全冠したので振りかえってみる

0

140

上長や社内ステークホルダーに対する解像度を上げて、より良い補完関係を築く方法 / How-to-increase-resolution-and-build-better-complementary-relationships-with-your-bosses-and-internal-stakeholders

13

7.6k

開発効率と信頼性を両立する Ubieのプラットフォームエンジニアリング

0

140

Featured

See All Featured

Stop Working from a Prison Cell

269

20k

Documentation Writing (for coders)

71

4.9k

459

140k

Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End

252

21k

Evolution of real-time – Irina Nazarova, EuRuKo, 2024

8

780

YesSQL, Process and Tooling at Scale

172

14k

Navigating Team Friction

186

15k

Chrome DevTools: State of the Union 2024 - Debugging React & Beyond

6

690

Mobile First: as difficult as doing things right

223

9.6k

Faster Mobile Websites

307

31k

The World Runs on Bad Software

68

11k

[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails

35

2.3k

Transcript

DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake [email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!