安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...

SiteGround - Reliable hosting with speed, security, and support you can count on. →

Tsuyoshi Miyake

May 18, 2022

47

安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です

Tsuyoshi Miyake

May 18, 2022

Tweet

More Decks by Tsuyoshi Miyake

See All by Tsuyoshi Miyake

JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022

0

450

猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3

0

78

猿でもわかる DevOps / a-monkeys-guide-to-devops

0

840

はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2

0

390

はじめての JFrog Distribution / getting-started-with-jfrog-distribution

0

180

はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines

0

220

はじめての JFrog Xray / getting-started-with-jfrog-xray

0

1.5k

はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory

0

1.2k

はじめての JFrog Platform / getting-started-with-jfrog-platform

0

830

Other Decks in Technology

See All in Technology

We Built for Predictability; The Workloads Didn’t Care

0

140

Webhook best practices for rock solid and resilient deployments

1

280

顧客の言葉を、そのまま信じない勇気

1

350

10Xにおける品質保証活動の全体像と改善 #no_more_wait_for_test

PRO

2

230

マーケットプレイス版Oracle WebCenter Content For OCI

oracle4engineer

PRO

5

1.6k

CDK対応したAWS DevOps Agentを試そう_20260201

1

240

Introduction to Sansan for Engineers / エンジニア向け会社紹介

PRO

6

68k

Context Engineeringが企業で不可欠になる理由

PRO

3

530

[CV勉強会@関東 World Model 読み会] Orbis: Overcoming Challenges of Long-Horizon Prediction in Driving World Models (Mousakhan+, NeurIPS 2025)

0

110

モダンUIでフルサーバーレスなAIエージェントをAmplifyとCDKでサクッとデプロイしよう

4

180

生成AI時代にこそ求められるSRE / SRE for Gen AI era

5

3k

会社紹介資料 / Sansan Company Profile

PRO

15

400k

Featured

See All Featured

Reflections from 52 weeks, 52 projects

356

21k

AI Search: Where Are We & What Can We Do About It?

0

6.9k

Hiding What from Whom? A Critical Review of the History of Programming languages for Music

2

410

Test your architecture with Archunit

1

2.1k

Everyday Curiosity

0

130

The Power of CSS Pseudo Elements

80

6.2k

Facilitating Awesome Meetings

57

6.8k

The B2B funnel & how to create a winning content strategy

PRO

0

270

How Software Deployment tools have changed in the past 20 years

0

32k

The #1 spot is gone: here's how to win anyway

tamaranovitovic

2

930

16th Malabo Montpellier Forum Presentation

PRO

0

49

Mobile First: as difficult as doing things right

225

10k

Transcript

DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake [email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!