安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...

Tsuyoshi Miyake

May 18, 2022

53

安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です

Tsuyoshi Miyake

May 18, 2022

More Decks by Tsuyoshi Miyake

See All by Tsuyoshi Miyake

JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022

0

460

猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3

0

94

猿でもわかる DevOps / a-monkeys-guide-to-devops

0

870

はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2

0

420

はじめての JFrog Distribution / getting-started-with-jfrog-distribution

0

200

はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines

0

240

はじめての JFrog Xray / getting-started-with-jfrog-xray

0

1.6k

はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory

0

1.2k

はじめての JFrog Platform / getting-started-with-jfrog-platform

0

860

Other Decks in Technology

See All in Technology

美味しいスイスチーズを作ろう🧀🐭

1

230

Spring Boot における AOT Cache 活用テクニックと起動時間改善事例

0

200

AIを「創る」と「使う」の循環 — HRテックが実践するリアルなAI組織実装

0

1.1k

速さだけじゃない！ VoidZero ツールが移行先に選ばれる理由

PRO

6

730

Dynamic Workersについて

2

570

AIガバナンス実践 - 生成AIコネクタのデータ漏洩リスクと実務対策

0

170

Javaコミュニティをもっと楽しむための9箇条

0

1.2k

Agentic ERPをどう設計するかー受発注エージェントを動かす、現場の知見と設計思想ー

1

1.1k

Diagnosing performance problems without the guesswork

0

160

最低限これだけ押さえれ大丈夫_Claude Enterprise/Team企業展開ガバナンス入門

1

720

【５分でわかる】セーフィーエンジニア向け会社紹介

0

50k

個人AIからチームAIへ：開発における品質と生産性の再設計

PRO

0

370

Featured

See All Featured

Design and Strategy: How to Deal with People Who Don’t "Get" Design

133

19k

Practical Orchestrator

191

11k

Making Projects Easy

120

6.7k

Prompt Engineering for Job Search

0

330

A better future with KSS

240

18k

Automating Front-end Workflow

1370

210k

The Illustrated Guide to Node.js - THAT Conference 2024

1

370

Code Review Best Practice

74

20k

The MySQL Ecosystem @ GitHub 2015

251

13k

Information Architects: The Missing Link in Design Systems

0

960

Site-Speed That Sticks

13

1.2k

sergeychernyshev

33

1.8k

Transcript

DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake [email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!