Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...
Search
Tsuyoshi Miyake
May 18, 2022
Technology
0
23
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog
2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です
Tsuyoshi Miyake
May 18, 2022
Tweet
Share
More Decks by Tsuyoshi Miyake
See All by Tsuyoshi Miyake
JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022
tsuyo
0
360
猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3
tsuyo
0
41
猿でもわかる DevOps / a-monkeys-guide-to-devops
tsuyo
0
710
はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2
tsuyo
0
260
はじめての JFrog Distribution / getting-started-with-jfrog-distribution
tsuyo
0
150
はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines
tsuyo
0
170
はじめての JFrog Xray / getting-started-with-jfrog-xray
tsuyo
0
1.3k
はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory
tsuyo
0
880
はじめての JFrog Platform / getting-started-with-jfrog-platform
tsuyo
0
750
Other Decks in Technology
See All in Technology
pandasはPolarsに性能面で追いつき追い越せるのか
vaaaaanquish
4
4.7k
【若手エンジニア応援LT会】AWSで繋がり、共に成長! ~コミュニティ活動と新人教育への挑戦~
kazushi_ohata
0
180
日経電子版におけるリアルタイムレコメンドシステム開発の事例紹介/nikkei-realtime-recommender-system
yng87
1
510
カメラを用いた店内計測におけるオプトインの仕組みの実現 / ai-optin-camera
cyberagentdevelopers
PRO
1
120
プロダクト成長に対応するプラットフォーム戦略:Authleteによる共通認証基盤の移行事例 / Building an authentication platform using Authlete and AWS
kakehashi
1
150
バクラクにおける可観測性向上の取り組み
yuu26
3
420
物価高なラスベガスでの過ごし方
zakky
0
390
運用イベント対応への生成AIの活用 with Failure Analysis Assistant
suzukyz
0
110
リンクアンドモチベーション ソフトウェアエンジニア向け紹介資料 / Introduction to Link and Motivation for Software Engineers
lmi
4
290k
君は隠しイベントを見つけれるか?
mujyun
0
300
来年もre:Invent2024 に行きたいあなたへ - “集中”と“つながり”で楽しむ -
ny7760
0
480
いまならこう作りたい AWSコンテナ[本格]入門ハンズオン 〜2024年版 ハンズオンの構想〜
horsewin
9
2.1k
Featured
See All Featured
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k
Bash Introduction
62gerente
608
210k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
231
17k
Making the Leap to Tech Lead
cromwellryan
132
8.9k
Navigating Team Friction
lara
183
14k
GitHub's CSS Performance
jonrohan
1030
460k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
27
1.9k
Designing the Hi-DPI Web
ddemaree
280
34k
Teambox: Starting and Learning
jrom
132
8.7k
Gamification - CAS2011
davidbonilla
80
5k
Rails Girls Zürich Keynote
gr2m
93
13k
Transcript
DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake
[email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!