安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog

2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です

Tsuyoshi Miyake

May 18, 2022

More Decks by Tsuyoshi Miyake

See All by Tsuyoshi Miyake

JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022

0

460

猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3

0

91

猿でもわかる DevOps / a-monkeys-guide-to-devops

0

870

はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2

0

420

はじめての JFrog Distribution / getting-started-with-jfrog-distribution

0

200

はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines

0

240

はじめての JFrog Xray / getting-started-with-jfrog-xray

0

1.6k

はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory

0

1.2k

はじめての JFrog Platform / getting-started-with-jfrog-platform

0

850

Other Decks in Technology

See All in Technology

M&Aで増え続けるプロダクトに少数QAはどう立ち向かうか─GENDAが挑む、全員で取り組む品質標準化戦略 / GENDA Tech Talk #4

0

110

【関西製造業祭り2026春】現場を変える技術はここまで来た〜世界最大の製造業見本市から持って帰ってきたもの〜

0

170

毎日の作業を Claude Code 経由にしたら、ノウハウがコードになった

1

1.4k

Oracle Cloud Infrastructure presents managed, serverless MCP Servers for Oracle AI Database

1

350

2026-05-14 要件定義からソース管理まで！IBM Bob基礎ハンズオン

0

160

続運用改善、不都合な真実〜物理制約のない運用改善はほとんど無価値 / 20260518-ssmjp-kaizen-no-value-without-physical-constraints

2

240

SLI/SLO、「完全に理解した」から「チョットデキル」へ

5

550

サンプリングは「作る」のか「使う」のか？分散トレースのコストと運用を両立する実践的戦略 / Why you need the tail sampling and why you don't want it

4

190

PdM・Eng・QAで進めるAI駆動開発の現在地/aidd-with-pdm-eng-qa

0

250

R&D 祭 2024 UE5で絵コンテ・作画の制作支援ツールをつくる話

PRO

0

170

分断された OT と IT を繋ぐ架け橋 -Kubernetes が切り拓く産業用組み込み製品の現在地 -

1

120

RedmineをAIで効率的に使う検証

0

130

Featured

See All Featured

Improving Core Web Vitals using Speculation Rules API

sergeychernyshev

21

1.5k

Rails Girls Zürich Keynote

96

14k

Intergalactic Javascript Robots from Outer Space

273

27k

Groundhog Day: Seeking Process in Gaming for Health

0

180

The Art of Programming - Codeland 2020

57

14k

The innovator’s Mindset -  Leading Through an Era of Exponential Change - McGill University 2025

PRO

1

170

[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails

38

2.9k

Six Lessons from altMBA

29

4.2k

Building Better People: How to give real-time feedback that sticks.

370

20k

How People are Using Generative and Agentic AI to Supercharge Their Products, Projects, Services and Value Streams Today

1

180

Rebuilding a faster, lazier Slack

85

9.5k

Why You Should Never Use an ORM

PRO

61

9.8k

Transcript

DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake [email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!