Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...
Search
Tsuyoshi Miyake
May 18, 2022
Technology
0
21
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog
2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です
Tsuyoshi Miyake
May 18, 2022
Tweet
Share
More Decks by Tsuyoshi Miyake
See All by Tsuyoshi Miyake
JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022
tsuyo
0
350
猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3
tsuyo
0
36
猿でもわかる DevOps / a-monkeys-guide-to-devops
tsuyo
0
700
はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2
tsuyo
0
250
はじめての JFrog Distribution / getting-started-with-jfrog-distribution
tsuyo
0
150
はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines
tsuyo
0
170
はじめての JFrog Xray / getting-started-with-jfrog-xray
tsuyo
0
1.3k
はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory
tsuyo
0
850
はじめての JFrog Platform / getting-started-with-jfrog-platform
tsuyo
0
740
Other Decks in Technology
See All in Technology
ついに出た!OpenAIの最新モデル「o1」って何がすごいの?
minorun365
PRO
3
1.2k
Analytics-Backed App Widget Development - Served with Jetpack Glance
miyabigouji
0
610
Tricentisにおけるテスト自動化へのAI活用ご紹介/20240910Shunsuke Katakura
shift_evolve
0
200
Envoy External AuthZとgRPC Extensionを利用した「頑張らない」Microservices認証認可基盤
andoshin11
0
260
Oracle Autonomous Database:サービス概要のご紹介
oracle4engineer
PRO
1
7.1k
Fediverse Discovery Providers overview
andypiper
0
170
可視化により内部品質をあげるAIドキュメントリバース/20240910 Hiromitsu Akiba
shift_evolve
0
220
Functional TypeScript
naoya
11
4.8k
サーバー管理しないサーバーサービスManaged DevOps Pool
kkamegawa
0
130
株式会社EventHub・エンジニア採用資料
eventhub
0
3k
『GRANBLUE FANTASY: Relink』最高の「没入感」を実現するカットシーン制作手法とそれを支える技術
cygames
1
140
Developer Experienceを向上させる基盤づくりの取り組み事例集
coconala_engineer
0
150
Featured
See All Featured
Designing Dashboards & Data Visualisations in Web Apps
destraynor
227
52k
[RailsConf 2023] Rails as a piece of cake
palkan
48
4.6k
Documentation Writing (for coders)
carmenintech
65
4.3k
Creatively Recalculating Your Daily Design Routine
revolveconf
215
12k
Faster Mobile Websites
deanohume
304
30k
Why You Should Never Use an ORM
jnunemaker
PRO
53
8.9k
What’s in a name? Adding method to the madness
productmarketing
PRO
21
3k
Automating Front-end Workflow
addyosmani
1365
200k
Pencils Down: Stop Designing & Start Developing
hursman
119
11k
Making Projects Easy
brettharned
113
5.8k
The Illustrated Children's Guide to Kubernetes
chrisshort
47
48k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
278
13k
Transcript
DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake
[email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!