Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...
Search
Tsuyoshi Miyake
May 18, 2022
Technology
50
0
Share
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog
2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です
Tsuyoshi Miyake
May 18, 2022
More Decks by Tsuyoshi Miyake
See All by Tsuyoshi Miyake
JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022
tsuyo
0
460
猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3
tsuyo
0
83
猿でもわかる DevOps / a-monkeys-guide-to-devops
tsuyo
0
850
はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2
tsuyo
0
410
はじめての JFrog Distribution / getting-started-with-jfrog-distribution
tsuyo
0
190
はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines
tsuyo
0
230
はじめての JFrog Xray / getting-started-with-jfrog-xray
tsuyo
0
1.6k
はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory
tsuyo
0
1.2k
はじめての JFrog Platform / getting-started-with-jfrog-platform
tsuyo
0
840
Other Decks in Technology
See All in Technology
不確実性と戦いながら見積もりを作成するプロセス/mitsumori-process
hirodragon112
1
190
あるアーキテクチャ決定と その結果/architecture-decision-and-its-result
hanhan1978
0
310
Databricks Appsで実現する社内向けAIアプリ開発の効率化
r_miura
0
320
建設的な現実逃避のしかた / How to practice constructive escapism
pauli
3
150
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
11k
Podcast配信で広がったアウトプットの輪~70人と音声発信してきた7年間~/outputconf_01
fortegp05
0
230
OpenClawでPM業務を自動化
knishioka
2
390
Claude Teamプランの選定と、できること/できないこと
rfdnxbro
1
530
自分をひらくと次のチャレンジの敷居が下がる
sudoakiy
5
1.8k
AIドリブン開発の実践知 ― AI-DLC Unicorn Gym実施から見えた可能性と課題
mixi_engineers
PRO
0
110
推し活エージェント
yuntan_t
1
800
互換性のある(らしい)DBへの移行など考えるにあたってたいへんざっくり
sejima
PRO
0
550
Featured
See All Featured
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
17k
Agile Leadership in an Agile Organization
kimpetersen
PRO
0
120
The #1 spot is gone: here's how to win anyway
tamaranovitovic
2
1k
Building Experiences: Design Systems, User Experience, and Full Site Editing
marktimemedia
0
470
How to Think Like a Performance Engineer
csswizardry
28
2.5k
The Cost Of JavaScript in 2023
addyosmani
55
9.8k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3.4k
Embracing the Ebb and Flow
colly
88
5k
Paper Plane (Part 1)
katiecoart
PRO
0
6.4k
SEO for Brand Visibility & Recognition
aleyda
0
4.4k
Done Done
chrislema
186
16k
Become a Pro
speakerdeck
PRO
31
5.9k
Transcript
DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake
[email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!
tsuyo
hirodragon112
hanhan1978
.png){kind=avatar}
r_miura
pauli
fullkaiten
fortegp05
knishioka
rfdnxbro
sudoakiy
mixi_engineers
yuntan_t
sejima
afnizarnur
kimpetersen
tamaranovitovic
marktimemedia
csswizardry
addyosmani
tammyeverts
colly
katiecoart
aleyda
chrislema
speakerdeck
