Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...
Search
Tsuyoshi Miyake
May 18, 2022
Technology
0
39
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog
2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です
Tsuyoshi Miyake
May 18, 2022
Tweet
Share
More Decks by Tsuyoshi Miyake
See All by Tsuyoshi Miyake
JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022
tsuyo
0
430
猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3
tsuyo
0
68
猿でもわかる DevOps / a-monkeys-guide-to-devops
tsuyo
0
810
はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2
tsuyo
0
360
はじめての JFrog Distribution / getting-started-with-jfrog-distribution
tsuyo
0
170
はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines
tsuyo
0
200
はじめての JFrog Xray / getting-started-with-jfrog-xray
tsuyo
0
1.5k
はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory
tsuyo
0
1.1k
はじめての JFrog Platform / getting-started-with-jfrog-platform
tsuyo
0
820
Other Decks in Technology
See All in Technology
プロファイルとAIエージェントによる効率的なデバッグ / Effective debugging with profiler and AI assistant
ymotongpoo
1
370
AI時代におけるデータの重要性 ~データマネジメントの第一歩~
ryoichi_ota
0
720
激動の時代を爆速リチーミングで乗り越えろ
sansantech
PRO
1
140
猫でもわかるAmazon Q Developer CLI 解体新書
kentapapa
1
110
組織全員で向き合うAI Readyなデータ利活用
gappy50
4
1.3k
JSConf JPのwebsiteをGatsbyからNext.jsに移行した話 - Next.jsの多言語静的サイトと課題
leko
2
190
20251027_マルチエージェントとは
almondo_event
1
460
OPENLOGI Company Profile for engineer
hr01
1
45k
ViteとTypeScriptのProject Referencesで 大規模モノレポのUIカタログのリリースサイクルを高速化する
shuta13
3
220
AI AgentをLangflowでサクッと作って、1日働かせてみた!
yano13
1
160
オブザーバビリティが育むシステム理解と好奇心
maruloop
3
1.4k
AI-Readyを目指した非構造化データのメダリオンアーキテクチャ
r_miura
1
340
Featured
See All Featured
Side Projects
sachag
455
43k
Documentation Writing (for coders)
carmenintech
75
5.1k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
130k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
15k
Building a Modern Day E-commerce SEO Strategy
aleyda
44
7.8k
Facilitating Awesome Meetings
lara
57
6.6k
Large-scale JavaScript Application Architecture
addyosmani
514
110k
Visualization
eitanlees
149
16k
Intergalactic Javascript Robots from Outer Space
tanoku
272
27k
Music & Morning Musume
bryan
46
6.9k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
Transcript
DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake
[email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!
tsuyo
ymotongpoo
ryoichi_ota
sansantech
kentapapa
gappy50
leko
almondo_event
hr01
shuta13
yano13
maruloop
r_miura
sachag
carmenintech
pedronauck
sstephenson
aleyda
lara
addyosmani
eitanlees
tanoku
bryan
afnizarnur
keavy
