安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...

Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers. →

Tsuyoshi Miyake

May 18, 2022

51

安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です

Tsuyoshi Miyake

May 18, 2022

More Decks by Tsuyoshi Miyake

See All by Tsuyoshi Miyake

JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022

0

460

猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3

0

85

猿でもわかる DevOps / a-monkeys-guide-to-devops

0

860

はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2

0

410

はじめての JFrog Distribution / getting-started-with-jfrog-distribution

0

190

はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines

0

230

はじめての JFrog Xray / getting-started-with-jfrog-xray

0

1.6k

はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory

0

1.2k

はじめての JFrog Platform / getting-started-with-jfrog-platform

0

850

Other Decks in Technology

See All in Technology

自分のハンドルは自分で握れ！ ― 自分のケイパビリティを増やし、メンバーのケイパビリティ獲得を支援する ― / Take the wheel yourself

1

880

研究開発部メンバーの働き⽅ / Sansan R&D Profile

PRO

4

23k

EarthCopilotに学ぶマルチエージェントオーケストレーション

0

280

LLM時代の検索アーキテクチャと技術的意思決定

3

1.1k

Introduction to Sansan, inc / Sansan Global Development Center, Inc.

PRO

0

3k

AI時代のガードレールとしてのAPIガバナンス

0

230

Rapid Start: Faster Internet Connections, with Ruby's Help

2

180

小説執筆のハーネスエンジニアリング

0

600

最初の一歩を踏み出せなかった私が、誰かの背中を押したいと思うようになるまで / give someone a push

0

160

AzureのIaC管理からログ調査まで、随所に役立つSkillsとCustom-Instructions / Boosting IaC and Log Analysis with Skills

0

220

マルチエージェント × ハーネスエンジニアリング × GitLab Duo Agent Platformで実現する「AIエージェントに仕事をさせる時代へ。」 / 20260421 GitLab Duo Agent Platform

0

150

20260423_執筆の工夫と裏側技術書の企画から刊行まで / From the planning to the publication of technical book

3

380

Featured

See All Featured

0

540

Exploring the relationship between traditional SERPs and Gen AI search

raygrieselhuber

PRO

2

3.8k

Put a Button on it: Removing Barriers to Going Fast.

60

4.2k

New Earth Scene 8

3

2.1k

Designing Experiences People Love

143

24k

Building Better People: How to give real-time feedback that sticks.

370

20k

CSS Pre-Processors: Stylus, Less & Sass

360

30k

Dealing with People You Can't Stand - Big Design 2015

367

27k

Digital Projects Gone Horribly Wrong (And the UX Pros Who Still Save the Day) - Dean Schuster

0

1.1k

Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS

0

290

ラッコキーワードサービス紹介資料

1

3M

Into the Great Unknown - MozCon

40

2.4k

Transcript

DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake [email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!