安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...

Tsuyoshi Miyake

May 18, 2022

47

安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です

Tsuyoshi Miyake

May 18, 2022

Tweet

More Decks by Tsuyoshi Miyake

See All by Tsuyoshi Miyake

JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022

0

450

猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3

0

78

猿でもわかる DevOps / a-monkeys-guide-to-devops

0

840

はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2

0

390

はじめての JFrog Distribution / getting-started-with-jfrog-distribution

0

180

はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines

0

220

はじめての JFrog Xray / getting-started-with-jfrog-xray

0

1.5k

はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory

0

1.2k

はじめての JFrog Platform / getting-started-with-jfrog-platform

0

830

Other Decks in Technology

See All in Technology

GitHub Issue Templates + Coding Agentで簡単みんなでIaC/Easy IaC for Everyone with GitHub Issue Templates + Coding Agent

1

200

2026年、サーバーレスの現在地 -「制約と戦う技術」から「当たり前の実行基盤」へ- /serverless2026

2

220

広告の効果検証を題材にした因果推論の精度検証について

PRO

0

150

SREのプラクティスを用いた3領域同時マネジメントへの挑戦〜SRE・情シス・セキュリティを統合したチーム運営術〜

coconala_engineer

2

630

Cosmos World Foundation Model Platform for Physical AI

0

770

【５分でわかる】セーフィーエンジニア向け会社紹介

0

42k

Frontier Agents (Kiro autonomous agent / AWS Security Agent / AWS DevOps Agent) の紹介

3

160

OCI Database Management サービス詳細

oracle4engineer

PRO

1

7.4k

Introduction to Sansan for Engineers / エンジニア向け会社紹介

PRO

6

68k

Kiro IDEのドキュメントを全部読んだので地味だけどちょっと嬉しい機能を紹介する

0

180

データ民主化のための LLM 活用状況と課題紹介（IVRy の場合）

2

700

Greatest Disaster Hits in Web Performance

0

200

Featured

See All Featured

A Modern Web Designer's Workflow

698

190k

Dominate Local Search Results - an insider guide to GBP, reviews, and Local SEO

PRO

0

77

[RailsConf 2023] Rails as a piece of cake

59

6.3k

[RailsConf 2023 Opening Keynote] The Magic of Rails

31

9.9k

Imperfection Machines: The Place of Print at Facebook

269

14k

Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation

PRO

3

2k

SEO for Brand Visibility & Recognition

0

4.2k

Code Reviewing Like a Champion

527

40k

Conquering PDFs: document understanding beyond plain text

PRO

4

2.3k

Bootstrapping a Software Product

PRO

307

120k

Have SEOs Ruined the Internet? - User Awareness of SEO in 2025

0

270

How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT

PRO

0

3.4k

Transcript

DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake [email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!