安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...

Tsuyoshi Miyake

May 18, 2022

30

安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です

Tsuyoshi Miyake

May 18, 2022

Tweet

More Decks by Tsuyoshi Miyake

See All by Tsuyoshi Miyake

JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022

0

400

猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3

0

50

猿でもわかる DevOps / a-monkeys-guide-to-devops

0

760

はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2

0

310

はじめての JFrog Distribution / getting-started-with-jfrog-distribution

0

160

はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines

0

190

はじめての JFrog Xray / getting-started-with-jfrog-xray

0

1.4k

はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory

0

980

はじめての JFrog Platform / getting-started-with-jfrog-platform

0

770

Other Decks in Technology

See All in Technology

ペアーズにおけるData Catalog導入の取り組み

0

250

テキスト解析で見る PyCon APAC 2025 セッション＆スピーカートレンド分析

0

250

大規模プロジェクトにおける品質管理の要点と実践 / 20250327 Suguru Ishii

0

310

TopAppBar Composableをカスタムする

0

170

入社後SREチームのミッションや課題の整理をした話

1

200

Tokyo dbt Meetup #13 dbtと連携するBI製品＆機能ざっくり紹介

0

240

OCI見積もり入門セミナー

oracle4engineer

0

160

17年のQA経験が導いたスクラムマスターへの道 / 17 Years in QA to Scrum Master

0

490

開発現場とセキュリティ担当をつなぐ脅威モデリング

0

130

DevOps文化を育むQA 〜カルチャーバブルを生み出す戦略〜 / 20250317 Atsushi Funahashi

1

120

React Server Componentは何を解決し何を解決しないのか / What do React Server Components solve, and what do they not solve?

6

1.3k

ウォンテッドリーにおける Platform Engineering

0

160

Featured

See All Featured

The Illustrated Children's Guide to Kubernetes

48

49k

ReactJS: Keep Simple. Everything can be a component!

666

120k

183

16k

The Art of Delivering Value - GDevCon NA Keynote

12

1.4k

GraphQLとの向き合い方2022年版

45

14k

For a Future-Friendly Web

176

9.6k

Put a Button on it: Removing Barriers to Going Fast.

60

3.8k

Code Reviewing Like a Champion

522

39k

A designer walks into a library…

pauljervisheath

205

24k

10 Git Anti Patterns You Should be Aware of

656

60k

"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)

227

22k

sergeychernyshev

28

870

Transcript

DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake [email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!