Tsuyoshi Miyake
May 18, 2022
Realizing a Secure Software Supply Chain / secure-software-supply-chain-with-jfrog
This is the JFrog presentation from the joint JFrog x SoftBank x PrismaCloud DevSecOps seminar held on 2022/05/18.
Transcript
DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation's Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!