安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

Tsuyoshi Miyake

May 18, 2022

Technology

5

安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です

Tsuyoshi Miyake

May 18, 2022

Tweet

More Decks by Tsuyoshi Miyake

See All by Tsuyoshi Miyake

JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022

猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3

猿でもわかる DevOps / a-monkeys-guide-to-devops

はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2

はじめての JFrog Distribution / getting-started-with-jfrog-distribution

はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines

はじめての JFrog Xray / getting-started-with-jfrog-xray

はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory

はじめての JFrog Platform / getting-started-with-jfrog-platform

Other Decks in Technology

See All in Technology

大規模レガシーテストを倒すための CI基盤の作り方 / #CICD2023

Kubernetes + containerd で cgroup v2 に移行したら "failed to create fsnotify watcher" エラーが発生する原因と対策

Webアプリケーション設計の第一歩は ディレクトリの整理から / Encraft 1

How we build Ads Platform in Rust

テスト技法を使ったテストケースの表現方法/How to express test cases using test techniques

Agileを始める前に知っておきたい3つの真実

Privacy Techによる新しいデータ活用の形

line_developers

ワイヤレス電力伝送について

SNS投稿を使ってクラウド障害を検知してみた

エンジニアのためのドキュメントライティング / Docs for Developers and Paragraph Writing

竹芝地区のデジタルツイン開発と3D人流シミュレーション開発

Spring Boot 3.0へのアップデートのハマり所 / Findings in Migrating our Application to Spring Boot 3.0

line_developers

Featured

See All Featured

ピンチをチャンスに：未来をつくるプロダクトロードマップ #pmconf2020

We Have a Design System, Now What?

Why Our Code Smells

Optimizing for Happiness

Building Flexible Design Systems

yeseniaperezcruz

Gamification - CAS2011

The Web Native Designer (August 2011)

paulrobertlloyd

Faster Mobile Websites

Fontdeck: Realign not Redesign

paulrobertlloyd

How New CSS Is Changing Everything About Graphic Design on the Web

Art Directing for the Web. Five minutes with CSS Template Areas

Docker and Python

Transcript

DevSecOps with JFrog Platform

View Slide
2
§
§ Sr. DevOps Acceleration Engineer @JFrog
§ DevOps Liquid Software
§
@tsuyoshi_miyake
[email protected]

View Slide
3
TPS
TPS
- Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System)
DevOps

View Slide
•
•
•
4

View Slide
1
SSC
N
5
•
•
•

View Slide
1
N
6
VCS (Git)
CI/CD
???
•
•
•

View Slide
SSC
OSS
B
C
A
OSS
OSS
SSC SSC
7

View Slide
8
•
•
•
•

View Slide
(CVE)
by OSS
(CVE)
Executive Order on Improving the Nation s
Cybersecurity
CVE
9

View Slide
24/7 Dedicated Support +
DevOps Acceleration Service Arm
BUILD TEST RELEASE DEPLOY
CI/CD
On Premises
& Multicloud
VCS
ACCESS FEDERATION
ACL SSO
10
JFrog Platform

View Slide
Artifactory for
11
docker-prod-local
docker-dev-local
(default)
docker-qa-local
Docker Hub
docker-remote
docker

View Slide
WATCHES
Xray for SBOM (Software Bill of Materials)
12
POLICIES
Security
License
Fail Build
Web Hooks, Slack, Emails
XUC
(Xray Update
Center)
Bundle
Build
Build
Repo
Repo
Frogbot
IDE
XRAY
ARTIFACTORY
SBOM
(SPDX, CycloneDX)

View Slide
13
PIPELINES
> git commit
Public Repos
IDE
Git Repo
package
.json
ARTIFACTORY
XRAY PLUGIN
XRAY DISTRIBUTION
DISTRIBUTION
EDGE
DISTRIBUTION
EDGE
Connect
Pull Request
with JFrog Platform

View Slide
JFrog
14

View Slide
THANK YOU!

View Slide