安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...

Tsuyoshi Miyake

May 18, 2022

46

安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です

Tsuyoshi Miyake

May 18, 2022

Tweet

More Decks by Tsuyoshi Miyake

See All by Tsuyoshi Miyake

JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022

0

440

猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3

0

77

猿でもわかる DevOps / a-monkeys-guide-to-devops

0

830

はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2

0

390

はじめての JFrog Distribution / getting-started-with-jfrog-distribution

0

180

はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines

0

220

はじめての JFrog Xray / getting-started-with-jfrog-xray

0

1.5k

はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory

0

1.2k

はじめての JFrog Platform / getting-started-with-jfrog-platform

0

830

Other Decks in Technology

See All in Technology

CQRS/ESになぜアクターモデルが必要なのか

0

1.2k

Databricks Free Editionで始めるLakeflow SDP

0

130

AI時代のアジャイルチームを目指してースクラムというコンフォートゾーンからの脱却ー / Toward Agile Teams in the Age of AI

11

6.8k

Eight Engineering Unit 紹介資料

PRO

0

6.3k

Security Hub と出会ってから 1年半が過ぎました

0

150

迷わない！AI×MCP連携のリファレンスアーキテクチャ完全ガイド

0

570

アウトプットはいいぞ / output_iizo

0

120

Sansan Engineering Unit 紹介資料

PRO

1

3.7k

Qiita Bash アドカレ LT #1

0

190

【Oracle Cloud ウェビナー】ランサムウェアが突く「侵入の隙」とバックアップの「死角」～過去の教訓に学ぶ — 侵入前提の防御とデータ保護～

oracle4engineer

PRO

0

140

ALB「証明書上限問題」からの脱却

0

210

Digitization部紹介資料

PRO

1

6.6k

Featured

See All Featured

A Guide to Academic Writing Using Generative AI - A Workshop

PRO

0

180

16th Malabo Montpellier Forum Presentation

PRO

0

40

How to build an LLM SEO readiness audit: a practical framework

1

610

個人開発の失敗を避けるイケてる考え方 / tips for indie hackers

122

21k

The Art of Programming - Codeland 2020

57

14k

What's in a price? How to price your products and services

246

13k

Hiding What from Whom? A Critical Review of the History of Programming languages for Music

1

360

Have SEOs Ruined the Internet? - User Awareness of SEO in 2025

0

250

AI: The stuff that nobody shows you

PRO

2

170

Navigating Algorithm Shifts & AI Overviews - #SMXNext

0

1.1k

Being A Developer After 40

91

590k

Writing Fast Ruby

630

62k

Transcript

DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake [email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!