Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...
Search
Tsuyoshi Miyake
May 18, 2022
Technology
0
25
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog
2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です
Tsuyoshi Miyake
May 18, 2022
Tweet
Share
More Decks by Tsuyoshi Miyake
See All by Tsuyoshi Miyake
JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022
tsuyo
0
370
猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3
tsuyo
0
42
猿でもわかる DevOps / a-monkeys-guide-to-devops
tsuyo
0
730
はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2
tsuyo
0
280
はじめての JFrog Distribution / getting-started-with-jfrog-distribution
tsuyo
0
150
はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines
tsuyo
0
180
はじめての JFrog Xray / getting-started-with-jfrog-xray
tsuyo
0
1.4k
はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory
tsuyo
0
900
はじめての JFrog Platform / getting-started-with-jfrog-platform
tsuyo
0
750
Other Decks in Technology
See All in Technology
Amazon SageMaker Unified Studio(Preview)、Lakehouse と Amazon S3 Tables
ishikawa_satoru
0
150
MLOps の現場から
asei
6
640
WACATE2024冬セッション資料(ユーザビリティ)
scarletplover
0
200
2024年にチャレンジしたことを振り返るぞ
mitchan
0
140
DevOps視点でAWS re:invent2024の新サービス・アプデを振り返ってみた
oshanqq
0
180
20241220_S3 tablesの使い方を検証してみた
handy
4
570
AI時代のデータセンターネットワーク
lycorptech_jp
PRO
1
290
どちらを使う?GitHub or Azure DevOps Ver. 24H2
kkamegawa
0
810
podman_update_2024-12
orimanabu
1
270
サーバレスアプリ開発者向けアップデートをキャッチアップしてきた #AWSreInvent #regrowth_fuk
drumnistnakano
0
190
日本版とグローバル版のモバイルアプリ統合の開発の裏側と今後の展望
miichan
1
130
NW-JAWS #14 re:Invent 2024(予選落ち含)で 発表された推しアップデートについて
nagisa53
0
270
Featured
See All Featured
Documentation Writing (for coders)
carmenintech
66
4.5k
Large-scale JavaScript Application Architecture
addyosmani
510
110k
Typedesign – Prime Four
hannesfritz
40
2.4k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
810
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
127
18k
How STYLIGHT went responsive
nonsquared
95
5.2k
Building Better People: How to give real-time feedback that sticks.
wjessup
365
19k
Writing Fast Ruby
sferik
628
61k
Git: the NoSQL Database
bkeepers
PRO
427
64k
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
Optimising Largest Contentful Paint
csswizardry
33
3k
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k
Transcript
DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake
[email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!