安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...

Tsuyoshi Miyake

May 18, 2022

42

安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です

Tsuyoshi Miyake

May 18, 2022

Tweet

More Decks by Tsuyoshi Miyake

See All by Tsuyoshi Miyake

JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022

0

440

猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3

0

72

猿でもわかる DevOps / a-monkeys-guide-to-devops

0

820

はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2

0

370

はじめての JFrog Distribution / getting-started-with-jfrog-distribution

0

180

はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines

0

210

はじめての JFrog Xray / getting-started-with-jfrog-xray

0

1.5k

はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory

0

1.1k

はじめての JFrog Platform / getting-started-with-jfrog-platform

0

820

Other Decks in Technology

See All in Technology

会社紹介資料 / Sansan Company Profile

PRO

11

390k

ログ管理の新たな可能性？CloudWatchの新機能をご紹介

1

640

モダンデータスタック (MDS) の話とデータ分析が起こすビジネス変革

0

450

学習データって増やせばいいんですか？

2

300

AI駆動開発における設計思想認知負荷を下げるフロントエンドアーキテクチャ/ 20251211 Teppei Hanai

PRO

2

330

【AWS re:Invent 2025速報】AIビルダー向けアップデートをまとめて解説！

4

500

AIと二人三脚で育てた、個人開発アプリグロース術

PRO

1

710

RAG/Agent開発のアップデートまとめ

0

160

AI時代の開発フローとともに気を付けたいこと

0

2.8k

AI活用によるPRレビュー改善の歩み ― 社内全体に広がる学びと実践

PRO

1

200

[JAWS-UG 横浜支部 #91]DevOps Agent vs CloudWatch Investigations -比較と実践-

1

250

SSO方式とJumpアカウント方式の比較と設計方針

7

590

Featured

See All Featured

The World Runs on Bad Software

PRO

72

12k

Reflections from 52 weeks, 52 projects

355

21k

Art, The Web, and Tiny UX

303

21k

Raft: Consensus for Rubyists

141

7.2k

What's in a price? How to price your products and services

246

12k

For a Future-Friendly Web

180

10k

Optimizing for Happiness

379

70k

Documentation Writing (for coders)

76

5.2k

Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]

10

720

Bootstrapping a Software Product

PRO

307

120k

YesSQL, Process and Tooling at Scale

174

15k

Designing for Performance

610

69k

Transcript

DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake [email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!