Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...
Search
Tsuyoshi Miyake
May 18, 2022
Technology
53
0
Share
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog
2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です
Tsuyoshi Miyake
May 18, 2022
More Decks by Tsuyoshi Miyake
See All by Tsuyoshi Miyake
JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022
tsuyo
0
460
猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3
tsuyo
0
94
猿でもわかる DevOps / a-monkeys-guide-to-devops
tsuyo
0
870
はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2
tsuyo
0
420
はじめての JFrog Distribution / getting-started-with-jfrog-distribution
tsuyo
0
200
はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines
tsuyo
0
240
はじめての JFrog Xray / getting-started-with-jfrog-xray
tsuyo
0
1.6k
はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory
tsuyo
0
1.2k
はじめての JFrog Platform / getting-started-with-jfrog-platform
tsuyo
0
860
Other Decks in Technology
See All in Technology
地元にいないローカルオーガナイザーの立ち回り
uvb_76
1
450
oracle-to-databricks-migration-with-llm-and-dbt
casek
1
430
Oracle AI Database@AWS:サービス概要のご紹介
oracle4engineer
PRO
4
2.8k
JEP 522 Deep Dive - G1 GC同期コスト削減によるスループット向上を徹底検証&解説
tabatad
1
680
Oracle AI Database@Google Cloud:サービス概要のご紹介
oracle4engineer
PRO
6
1.5k
エンジニアは生成AIと どのように向き合うべきか? ことばの意味という観点から
verypluming
3
340
OCI Oracle AI Database Services新機能アップデート(2026/03-2026/05)
oracle4engineer
PRO
0
170
電子辞書Brainをネットに繋げてみた(自力編)
raspython3
0
430
はじめてのDatadog
kairim0
0
260
サイバーセキュリティ概論 / Introduction to Cybersecurity
ks91
PRO
0
130
「嘘をつくテスト」の失敗例から学ぶ 良いテストコード #frontend_phpcon_do
asumikam
0
160
AI-DLCを活用した高品質・安全なAI駆動開発実践 / AI Driven Development
yoshidashingo
1
320
Featured
See All Featured
The Curious Case for Waylosing
cassininazir
1
370
Build your cross-platform service in a week with App Engine
jlugia
234
18k
Why Your Marketing Sucks and What You Can Do About It - Sophie Logan
marketingsoph
0
160
Redefining SEO in the New Era of Traffic Generation
szymonslowik
1
320
Building AI with AI
inesmontani
PRO
1
1k
Code Review Best Practice
trishagee
74
20k
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
techseoconnect
PRO
0
170
Sam Torres - BigQuery for SEOs
techseoconnect
PRO
0
280
For a Future-Friendly Web
brad_frost
183
10k
Java REST API Framework Comparison - PWX 2021
mraible
34
9.3k
A Modern Web Designer's Workflow
chriscoyier
698
190k
Building the Perfect Custom Keyboard
takai
2
780
Transcript
DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake
[email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!
tsuyo
uvb_76
casek
oracle4engineer
tabatad
verypluming
raspython3
kairim0
ks91
asumikam
yoshidashingo
cassininazir
jlugia
marketingsoph
szymonslowik
inesmontani
trishagee
techseoconnect
brad_frost
mraible
chriscoyier
takai
