Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-c...
Search
Tsuyoshi Miyake
May 18, 2022
Technology
0
24
安全なソフトウェアサプライチェーンの実現 / secure-software-supply-chain-with-jfrog
2022/05/18 に実施した JFrog x SoftBank x PrismaCloud 共同 DevSecOps セミナーの JFrog 発表分です
Tsuyoshi Miyake
May 18, 2022
Tweet
Share
More Decks by Tsuyoshi Miyake
See All by Tsuyoshi Miyake
JFrog 最新情報 - JFrog DevOps プラットフォームの今までとこれから / jfrog-update-for-devopskaigi-2022
tsuyo
0
360
猿でもわかるコンテナ V3 / a-monkeys-guide-to-container-v3
tsuyo
0
41
猿でもわかる DevOps / a-monkeys-guide-to-devops
tsuyo
0
720
はじめての JFrog Platform V2 / getting-started-with-jfrog-platform-v2
tsuyo
0
270
はじめての JFrog Distribution / getting-started-with-jfrog-distribution
tsuyo
0
150
はじめての JFrog Pipelines / getting-started-with-jfrog-pipelines
tsuyo
0
180
はじめての JFrog Xray / getting-started-with-jfrog-xray
tsuyo
0
1.4k
はじめての JFrog Artifactory / getting-started-with-jfrog-artifactory
tsuyo
0
890
はじめての JFrog Platform / getting-started-with-jfrog-platform
tsuyo
0
750
Other Decks in Technology
See All in Technology
The Role of Developer Relations in AI Product Success.
giftojabu1
0
130
Engineer Career Talk
lycorp_recruit_jp
0
190
IBC 2024 動画技術関連レポート / IBC 2024 Report
cyberagentdevelopers
PRO
1
110
Can We Measure Developer Productivity?
ewolff
1
150
日経電子版のStoreKit2フルリニューアル
shimastripe
1
140
SRE×AIOpsを始めよう!GuardDutyによるお手軽脅威検出
amixedcolor
0
170
Application Development WG Intro at AppDeveloperCon
salaboy
0
190
ISUCONに強くなるかもしれない日々の過ごしかた/Findy ISUCON 2024-11-14
fujiwara3
8
870
強いチームと開発生産性
onk
PRO
35
11k
DynamoDB でスロットリングが発生したとき/when_throttling_occurs_in_dynamodb_short
emiki
0
250
iOS/Androidで同じUI体験をネ イティブで作成する際に気をつ けたい落とし穴
fumiyasac0921
1
110
組織成長を加速させるオンボーディングの取り組み
sudoakiy
2
210
Featured
See All Featured
The Cult of Friendly URLs
andyhume
78
6k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
31
2.7k
Designing the Hi-DPI Web
ddemaree
280
34k
Art, The Web, and Tiny UX
lynnandtonic
297
20k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.2k
Building Adaptive Systems
keathley
38
2.3k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
246
1.3M
Adopting Sorbet at Scale
ufuk
73
9.1k
Designing for Performance
lara
604
68k
Done Done
chrislema
181
16k
Unsuck your backbone
ammeep
668
57k
Transcript
DevSecOps with JFrog Platform
2 § § Sr. DevOps Acceleration Engineer @JFrog § DevOps
Liquid Software § @tsuyoshi_miyake
[email protected]
3 TPS TPS - Wikipedia: Toyota Production System (https://en.wikipedia.org/wiki/Toyota_Production_System) DevOps
• • • 4
1 SSC N 5 • • •
1 N 6 VCS (Git) CI/CD ??? • • •
SSC OSS B C A OSS OSS SSC SSC 7
8 • • • •
(CVE) by OSS (CVE) Executive Order on Improving the Nation
s Cybersecurity CVE 9
24/7 Dedicated Support + DevOps Acceleration Service Arm BUILD TEST
RELEASE DEPLOY CI/CD On Premises & Multicloud VCS ACCESS FEDERATION ACL SSO 10 JFrog Platform
Artifactory for 11 docker-prod-local docker-dev-local (default) docker-qa-local Docker Hub docker-remote
docker
WATCHES Xray for SBOM (Software Bill of Materials) 12 POLICIES
Security License Fail Build Web Hooks, Slack, Emails XUC (Xray Update Center) Bundle Build Build Repo Repo Frogbot IDE XRAY ARTIFACTORY SBOM (SPDX, CycloneDX)
13 PIPELINES > git commit Public Repos IDE Git Repo
package .json ARTIFACTORY XRAY PLUGIN XRAY DISTRIBUTION DISTRIBUTION EDGE DISTRIBUTION EDGE Connect Pull Request with JFrog Platform
JFrog 14
THANK YOU!