安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...

SiteGround - Reliable hosting with speed, security, and support you can count on. →

Tsuyoshi Miyake

May 18, 2022

49

安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です

Tsuyoshi Miyake

May 18, 2022

Tweet

More Decks by Tsuyoshi Miyake

See All by Tsuyoshi Miyake

JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022

0

450

猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3

0

82

猿でもわかる DevOps / a-monkeys-guide-to-devops

0

850

はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2

0

400

はじめての JFrog Distribution / getting-started-with-jfrog-distribution

0

190

はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines

0

230

はじめての JFrog Xray / getting-started-with-jfrog-xray

0

1.6k

はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory

0

1.2k

はじめての JFrog Platform / getting-started-with-jfrog-platform

0

840

Other Decks in Technology

See All in Technology

AI時代の「本当の」ハイブリッドクラウド — エージェントが実現した、あの頃の夢

0

150

生成AIで速度と品質を両立する、QAエンジニア・開発者連携のAI協調型テストプロセス

0

190

モジュラモノリス導入から4年間の総括：アーキテクチャと組織の相互作用について / Architecture and Organizational Interaction

1

320

決済サービスを支えるElastic Cloud - Elastic Cloudの導入と推進、決済サービスのObservability

2

660

Zeal of the Convert: Taming Shai-Hulud with AI

0

150

visionOS 開発向けの MCP / Skills をつくり続けることで XR の探究と学習を最大化

1

640

"作る"から"使われる"へ：Backstage 活用の現在地

0

190

内製AIチャットボットで学んだDatadog LLM Observability活用術

0

130

コンテキスト・ハーネスエンジニアリングの現在

PRO

4

490

進化するBits AI SREと私と組織

PRO

1

250

AIエージェント、社内展開の前に知っておきたいこと

oracle4engineer

PRO

2

160

SRE NEXT 2026 CfP レビュアーが語る聞きたくなるプロポーザルとは？

yutakawasaki0911

1

440

Featured

See All Featured

Agile Leadership in an Agile Organization

PRO

0

110

Cheating the UX When There Is Nothing More to Optimize - PixelPioneers

stephaniewalter

287

14k

Leveraging Curiosity to Care for An Aging Population

1

200

The Cult of Friendly URLs

79

6.8k

Un-Boring Meetings

0

230

The browser strikes back

0

810

Site-Speed That Sticks

13

1.1k

Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)

PRO

0

120

[RailsConf 2023] Rails as a piece of cake

59

6.4k

No one is an island. Learnings from fostering a developers community.

21

3.6k

How to Talk to Developers About Accessibility

2

150

Data-driven link building: lessons from a $708K investment (BrightonSEO talk)

1

980

Transcript

DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake [email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!