Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

DevSecOps reference architectures 2018

4 004 vues

Publié le

DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix

DevOps 2018

Publié dans : Logiciels
  • The Bulimia Recovery Program, We Recovered, You CAN TOO! ♥♥♥ http://scamcb.com/bulimiarec/pdf
    Voulez-vous vraiment ?  Oui  Non
    Votre message apparaîtra ici
  • If you would like to see the original sources of the images on each slide, they are available in the speaker notes section. You can download the slides in order to get easy visibility to the speaker notes.
    Voulez-vous vraiment ?  Oui  Non
    Votre message apparaîtra ici

DevSecOps reference architectures 2018

  1. 1. DevSecOps Reference Architectures Derek E. Weeks VP and DevOps Advocate Sonatype 2018
  2. 2. About this collection 1. The reference architectures can be used to validate choices you have made or are planning to make. 2. They are curated from the community. You will notice a number of common elements that are used repeatedly. 3. Each image has a link to its original source in the speaker notes, enabling you to deep dive for more knowledge. If you would like to have your reference architecture added to this deck, please send it to weeks@sonatype.com.
  3. 3. Integration Points and Degree of Automation DevSecOpsTooling Design Development (IDE) Repository Manager CI/CD Post-Deployment Open source governance Open source software analysis n/a Static Application Security Testing (SAST) n/a Dynamic Application Security Testing (DAST) n/a n/a n/a Interactive Application Security Testing (IAST) n/a n/a n/a Mobile Application Security Testing (MAST) n/a n/a Run-time Application Self Protection (RASP) n/a n/a n/a Container and Infrastructure Security n/a Source: Gartner, December 2017, Structuring Application Security Practices and Tools to Support DevOps and DevSecOps Degrees of DevSecOp s Automatio n
  4. 4. Common Elements of a DevSecOps Pipeline
  5. 5. DevSecOps according to U.S. Dept of Defense/JIDO
  6. 6. DevSecOps according to Magno Rodrigues
  7. 7. DevSecOps according to Carnegie Mellon’s SEI
  8. 8. DevSecOps according to Jim Bird
  9. 9. DevSecOps according to Larry Maccherone
  10. 10. DevSecOps according to Steve Springett
  11. 11. DevSecOps according to TeachEra
  12. 12. Learn More From Your Peers 21 DevSecOps practitioners from leading enterprises to shared their experiences and best practices. All 21 recordings are available for free at www.alldaydevops.com.
  13. 13. DevSecOps according to Coveros
  14. 14. DevSecOps according to Aaron Weaver
  15. 15. DevSecOps according to Dr. Ravi Rajamiyer
  16. 16. DevSecOps according to ACROSEC
  17. 17. DevSecOps according to Ranger4
  18. 18. DevSecOps according to AWS @IanMmmm
  19. 19. DevSecOps according to AWS
  20. 20. DevSecOps according to Accenture
  21. 21. DevSecOps according to Shine Solutions
  22. 22. DevSecOps according to Ellucian
  23. 23. DevSecOps according to WhiteHat Security
  24. 24. DevSecOps according to GSA https://tech.gsa.gov/guides/building_devsecops_culture/
  25. 25. DevSecOps according to Sense of Security
  26. 26. We would love to add your DevSecOps reference architecture to this deck. How? 1. Send it to me (weeks@sonatype.com), with the subject line: DevSecOps reference architecture. 2. Provide me link as to where people can find more information about the architecture (e.g., your blog, a video, a SlideShare deck). 3. I’ll add it to this deck with full attribution to you, and let you know that it’s been updated. It’s that easy. We all learn with help from the community. Thank you for your contributions!