Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Securing your software supply chain

Avatar for Nicolas Byl Nicolas Byl
April 17, 2020
Technology
0
360

Securing your software supply chain

Avatar for Nicolas Byl

Nicolas Byl

April 17, 2020
Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl
Platform Engineering ❤️ Developer Experience
Avatar for Nicolas Byl nbyl
0
2
Die Flucht aus der Prototypen-Hölle
Avatar for Nicolas Byl nbyl
0
43
Lean Prototyping for Industrial-IoT Projects
Avatar for Nicolas Byl nbyl
0
42
DevSecOps - Vom Unikum zur gut geölten Maschine
Avatar for Nicolas Byl nbyl
0
98
Keeping-Up-WithUpstream.pdf
Avatar for Nicolas Byl nbyl
0
160
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
Avatar for Nicolas Byl nbyl
0
120
Securing the "other" supply chain
Avatar for Nicolas Byl nbyl
0
270
Kubernetes - Auf die Cluster, Fertig, Los!
Avatar for Nicolas Byl nbyl
0
180
Helm - Kubernetes Deployments richtig gemacht
Avatar for Nicolas Byl nbyl
0
130

Other Decks in Technology

See All in Technology
生成AIとM5Stack / M5 Japan Tour 2025 Autumn 東京
Avatar for you(@youtoy) you
PRO
0
230
M5製品で作るポン置きセルラー対応カメラ
Avatar for Hisaya OKADA sayacom
0
160
関係性が駆動するアジャイル──GPTに人格を与えたら、対話を通してふりかえりを 習慣化できた話
Avatar for リリカル mhlyc
0
130
Escaping_the_Kraken_-_October_2025.pdf
Avatar for Maarten Dalmijn mdalmijn
0
150
Large Vision Language Modelを用いた 文書画像データ化作業自動化の検証、運用 / shibuya_AI
Avatar for Sansan R&D sansan_randd
0
110
Function calling機能をPLaMo2に実装するには / PFN LLMセミナー
Avatar for Preferred Networks pfn
PRO
0
970
『OCI で学ぶクラウドネイティブ 実践 × 理論ガイド』 書籍概要
Avatar for oracle4engineer oracle4engineer
PRO
2
120
社内お問い合わせBotの仕組みと学び
Avatar for Tomoyuki Nishimura nish01
0
460
スタートアップにおけるこれからの「データ整備」
Avatar for ShoMaekawa/ウィル shomaekawa
1
240
Shirankedo NOCで見えてきたeduroam/OpenRoaming運用ノウハウと課題 - BAKUCHIKU BANBAN #2
Avatar for marokiki marokiki
0
150
SoccerNet GSRの紹介と技術応用:選手視点映像を提供するサッカー作戦盤ツール
Avatar for MIXI ENGINEERS mixi_engineers
PRO
1
190
20201008_ファインディ_品質意識を育てる役目は人かAIか___2_.pdf
Avatar for ファインディ株式会社(イベント資料アップ用) findy_eventslides
1
520

Featured

See All Featured
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
73
11k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
127
53k
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
339
57k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
91
590k
It's Worth the Effort
Avatar for 3n 3n
187
28k
Building Flexible Design Systems
Avatar for Yesenia Perez-Cruz yeseniaperezcruz
329
39k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
31
9.7k
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
59
9.6k
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
28
4k
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
303
21k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
35
3.2k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
252
21k

Transcript

  1. Securing your software supply chain Anatomie einer DevSecOps Pipeline 1

  2. Storytime 2

  3. 3 The way of the Code

  4. The castle illusion 4

  5. 5 The way of the Code

  6. 6 The way of the Code

  7. Code reviews 7

  8. Signing git commits 8

  9. 9 The way of the Code

  10. The dependency iceberg 10

  11. Automation is king 11 • FindBugs • SonarQube • SAST/DAST

    • Maven, NPM, ... • Container Images • Operating System • npm audit • Dependabot • Renovate Source Code Analysis Dependency Analysis Update Automation

  12. 12 The way of the Code

  13. 13 The key to the kingdom

  14. 14 Current situation deploy

  15. 15 Zero-Trust Deployment IAM deploy poll

  16. 16 Policy trumps checks IAM deploy poll

  17. codecentric AG Kreuznacher Straße 30 60486 Frankfurt am Main Telefon:

    +49 (0) 173.731 02 40 Nicolas Byl Senior Cloud Consultant [email protected] www.codecentric.de Innovative - Trustful - Competent - Pragmatic 17