Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...
Search
Tsuyoshi Miyake
May 18, 2022
Technology
0
39
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog
2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です
Tsuyoshi Miyake
May 18, 2022
Tweet
Share
More Decks by Tsuyoshi Miyake
See All by Tsuyoshi Miyake
JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022
tsuyo
0
420
猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3
tsuyo
0
67
猿でもわかる DevOps / a-monkeys-guide-to-devops
tsuyo
0
810
はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2
tsuyo
0
350
はじめての JFrog Distribution / getting-started-with-jfrog-distribution
tsuyo
0
170
はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines
tsuyo
0
200
はじめての JFrog Xray / getting-started-with-jfrog-xray
tsuyo
0
1.5k
はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory
tsuyo
0
1.1k
はじめての JFrog Platform / getting-started-with-jfrog-platform
tsuyo
0
810
Other Decks in Technology
See All in Technology
ACA でMAGI システムを社内で展開しようとした話
mappie_kochi
1
290
実装で解き明かす並行処理の歴史
zozotech
PRO
1
540
OpenAI gpt-oss ファインチューニング入門
kmotohas
2
1k
後進育成のしくじり〜任せるスキルとリーダーシップの両立〜
matsu0228
7
2.8k
空間を設計する力を考える / 20251004 Naoki Takahashi
shift_evolve
PRO
3
400
生成AIとM5Stack / M5 Japan Tour 2025 Autumn 東京
you
PRO
0
230
職種別ミートアップで社内から盛り上げる アウトプット文化の醸成と関係強化/ #DevRelKaigi
nishiuma
2
140
o11yで育てる、強い内製開発組織
_awache
3
120
SOC2取得の全体像
shonansurvivors
1
410
OCI Network Firewall 概要
oracle4engineer
PRO
1
7.8k
How to achieve interoperable digital identity across Asian countries
fujie
0
120
SREとソフトウェア開発者の合同チームはどのようにS3のコストを削減したか?
muziyoshiz
1
100
Featured
See All Featured
The Cult of Friendly URLs
andyhume
79
6.6k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
34
6.1k
Art, The Web, and Tiny UX
lynnandtonic
303
21k
Imperfection Machines: The Place of Print at Facebook
scottboms
269
13k
Six Lessons from altMBA
skipperchong
28
4k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
BBQ
matthewcrist
89
9.8k
Automating Front-end Workflow
addyosmani
1371
200k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
9
960
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
132
19k
Learning to Love Humans: Emotional Interface Design
aarron
274
40k
Java REST API Framework Comparison - PWX 2021
mraible
33
8.8k
Transcript
DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake
[email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!
tsuyo
mappie_kochi
zozotech
kmotohas
matsu0228
shift_evolve
you
nishiuma
_awache
shonansurvivors
oracle4engineer
fujie
muziyoshiz
andyhume
kevinliebholz
lynnandtonic
scottboms
skipperchong
hatefulcrawdad
matthewcrist
addyosmani
irinanazarova
morganepeng
aarron
mraible
