安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...

Tsuyoshi Miyake

May 18, 2022

47

安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です

Tsuyoshi Miyake

May 18, 2022

Tweet

More Decks by Tsuyoshi Miyake

See All by Tsuyoshi Miyake

JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022

0

450

猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3

0

78

猿でもわかる DevOps / a-monkeys-guide-to-devops

0

840

はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2

0

390

はじめての JFrog Distribution / getting-started-with-jfrog-distribution

0

180

はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines

0

220

はじめての JFrog Xray / getting-started-with-jfrog-xray

0

1.5k

はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory

0

1.2k

はじめての JFrog Platform / getting-started-with-jfrog-platform

0

830

Other Decks in Technology

See All in Technology

Kiro IDEのドキュメントを全部読んだので地味だけどちょっと嬉しい機能を紹介する

0

200

マーケットプレイス版Oracle WebCenter Content For OCI

oracle4engineer

PRO

5

1.6k

AI駆動PjMの理想像と現在地 -実践例を添えて-

masahiro_okamura

1

120

プロポーザルに込める段取り八分

1

280

レガシー共有バッチ基盤への挑戦 - SREドリブンなリアーキテクチャリングの取り組み

0

220

Digitization部紹介資料

PRO

1

6.8k

セキュリティについて学ぶ会 / 2026 01 25 Takamatsu WordPress Meetup

1

300

量子クラウドサービスの裏側　〜Deep Dive into OQTOPUS〜

0

120

~Everything as Codeを諦めない~ 後からCDK

3

400

予期せぬコストの急増を障害のように扱う――「コスト版ポストモーテム」の導入とその後の改善

1

1.9k

Red Hat OpenStack Services on OpenShift

0

110

仕様書駆動AI開発の実践： Issue→Skill→PRテンプレで再現性を作る

2

670

Featured

See All Featured

Distributed Sagas: A Protocol for Coordinating Microservices

333

22k

A better future with KSS

240

18k

Agile Leadership in an Agile Organization

PRO

0

82

Navigating Weather and Climate Data

0

110

Claude Code のすすめ

67

210k

Accessibility Awareness

0

52

Breaking role norms: Why Content Design is so much more than writing copy - Taylor Woolridge

0

170

A designer walks into a library…

pauljervisheath

210

24k

Refactoring Trust on Your Teams (GOTO; Chicago 2020)

35

3.4k

Navigating Algorithm Shifts & AI Overviews - #SMXNext

0

1.1k

Tell your own story through comics

1

810

The #1 spot is gone: here's how to win anyway

tamaranovitovic

2

940

Transcript

DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake [email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!