Trusting Your Ingredients: What Building Software And Cheesecake Have In Common

Let’s talk about numbers!
@LeonStigter | Copyright © 2019 JFrog. All Rights Reserved
• 27: number of ingredients in this cake mix
• 176: safety violations in imported food to Japan in 2016
  (https://www.statista.com/statistics/797574/japan-imported-foods-safety-violations-standards-hazardous-substances-by-country/)
• 976: number of packages installed for @angular/cli
• For three years in a row, more than one billion records have been exposed in the first quarter of the year

Who am I?
Leon Stigter, Developer Advocate (@LeonStigter)
• Developer Advocate
• Passionate about Serverless, Containers, and all things Cloud
• I love dad jokes, cheesecake and APIs

Introducing our main characters
• Petyr the Pastry Chef
• Arya the App Dev

Making a cheesecake
• Ingredients
• Recipe
• Kitchen stuff (whisk, bowl, spatula)
• Appliances (oven, fridge)
• Fork

Building an app
• Libraries (Jars, Modules, Gems…)
• Source code
• Dev tools (editor, CLI tools, VCS)
• Build tools (CI/CD server)
• Runtime (K8s)

Let’s start with ingredients

The best ingredients for the best cheesecake
Will subpar ingredients get me the best cheesecake?

Where do I get my ingredients from?
Where do the vendors I use get the ingredients from?

What matters for ingredients?
• Trust
• End-to-end transparency
• Traceability

Where do my ingredients come from?

Trust, but verify…
Do you trust your colleagues? I hope the answer is yes.

Trust is built with consistency
Do you trust the rest of the world?
• 98% of developers use Open Source tools at work
• 96% of commercial apps embed Open Source
• 79% of businesses use Open Source for key systems
• 3407: number of security vulnerabilities discovered and reported in 2019
  (https://www.cvedetails.com/vulnerability-list/year-2019/vulnerabilities.html)

I think it is safe to say that…
Having trust in where your ingredients come from and who made them is important in both making cheesecake and software.

Let’s look at transparency

Following the recipe, but add a little of yourself
Kitchen brand NEFF questioned 1,500 Brits: only 7% think it’s important to follow recipes.

Protecting your recipes

Open source licenses
35 licenses:
• 13 require you to publish product sources
• 4 allow users to ask for sources on hosted software
Source: https://choosealicense.com/appendix/

Recipes in software: source code
Developers programming in DevSecOps environments fix 11x faster than other developers.

Recipes in software: things to watch for
Common faults:
• Input validation
• Memory corruption
• Numeric errors
• Cryptographic issues
But what about:
• Hardcoded passwords
• Missing validation
• Backdoors
• Data anomalies

Choosing the right equipment

Providing visibility into your process
Security: the philosophy of integrating security practices within the DevOps process. #SecurityFirst culture!
How? Introducing security earlier in the life cycle of application development.

Tool selection
77% of developers have a say in which tools their company uses.
Source: State of the Developer Nation Q3’17

Shifting left…
• DevSecOps aims to embed security in every part of the application lifecycle: run time, build time and even development time.
• It means developing more secure applications faster, refusing to accept that the two (secure & fast) are mutually exclusive!

Providing visibility into your process

Immutability and repeatability
• Immutable dependencies: the best way to guarantee issues is force push
• Lost dependencies: who doesn’t remember left-pad with Node.js?
• Internet issues: do you trust your suppliers enough?

Making your cheesecake and having it too

Build time, runtime, and real-time security

Recap
• Cheesecake: ingredients, recipe, kitchen stuff (whisk, bowl, spatula), appliances (oven, fridge), fork
• App: libraries (Jars, Modules, Gems…), source code, dev tools (editor, CLI tools, VCS), build tools (CI/CD server), runtime (K8s)
• Trusting your ingredients
• Trusting your suppliers
• Transparency in your process

Thank you! Questions?
@LeonStigter