安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...

Tsuyoshi Miyake

May 18, 2022

48

安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です

Tsuyoshi Miyake

May 18, 2022

Tweet

More Decks by Tsuyoshi Miyake

See All by Tsuyoshi Miyake

JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022

0

450

猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3

0

79

猿でもわかる DevOps / a-monkeys-guide-to-devops

0

840

はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2

0

400

はじめての JFrog Distribution / getting-started-with-jfrog-distribution

0

190

はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines

0

220

はじめての JFrog Xray / getting-started-with-jfrog-xray

0

1.6k

はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory

0

1.2k

はじめての JFrog Platform / getting-started-with-jfrog-platform

0

840

Other Decks in Technology

See All in Technology

Bill One 開発エンジニア紹介資料

PRO

5

18k

技術的負債の泥沼から組織を救う3つの転換点

4

430

LINE Messengerの次世代ストレージ選定

PRO

17

6.8k

Claude Cowork Plugins を読む - Skills駆動型業務エージェント設計の実像と構造

0

220

Raspberry Pi AI HAT+ 2 介紹(#49)

PRO

0

150

Introduction to Sansan Meishi Maker Development Engineer

PRO

0

360

競争優位を生み出す戦略的内製開発の実践技法

PRO

2

530

LINEヤフーにおけるAI駆動開発組織のプロデュース施策

PRO

0

370

サンタコンペ2025完全攻略～お前らの焼きなましは遅すぎる～

1

570

Secure Boot 2026 - Aggiornamento dei certificati UEFI e piano di adozione in azienda

0

130

社内ワークショップで終わらせない業務改善AIエージェント開発

PRO

1

440

Microsoft Fabric のワークスペースと容量の設計原則

2

230

Featured

See All Featured

Helping Users Find Their Own Way: Creating Modern Search Experiences

31

3.1k

The Success of Rails: Ensuring Growth for the Next 100 Years

47

8k

Design of three-dimensional binary manipulators for pick-and-place task avoiding obstacles (IECON2024)

0

370

So, you think you're a good person

PRO

2

1.9k

How to Grow Your eCommerce with AI & Automation

PRO

1

130

How to audit for AI Accessibility on your Front & Back End

0

200

svc-hook: hooking system calls on ARM64 by binary rewriting

1

140

Navigating Team Friction

192

16k

The #1 spot is gone: here's how to win anyway

tamaranovitovic

2

970

A designer walks into a library…

pauljervisheath

210

24k

Agile Leadership in an Agile Organization

PRO

0

96

Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation

PRO

3

2.1k

Transcript

DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake [email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!