Trusting Your Ingredients
What Building Software And Cheesecake Have In Common
Let’s talk about numbers!
27: number of ingredients in this cake mix
@LeonStigter | Copyright © 2019 JFrog. All Rights Reserved
Let’s talk about numbers!
176: safety violations in imported food to Japan in 2016
Source: https://www.statista.com/statistics/797574/japan-imported-foods-safety-violations-standards-hazardous-substances-by-country/
Let’s talk about numbers!
976: number of packages installed for @angular/cli
Let’s talk about numbers!
For three years in a row more than one billion records have been exposed in the first quarter of the year
Who am I?
• Developer Advocate
• Passionate about Serverless, Containers, and all things Cloud
• I love dad jokes, cheesecake and APIs
Leon Stigter, Developer Advocate (@LeonStigter)
Introducing our main characters
• Petyr the Pastry Chef
• Arya the App Dev
Making a cheesecake
• Ingredients
• Recipe
• Kitchen stuff (whisk, bowl, spatula)
• Appliances (oven, fridge)
• Fork
Building an app
• Ingredients → Libraries (Jars, Modules, Gems…)
• Recipe → Source code
• Kitchen stuff (whisk, bowl, spatula) → Dev tools (editor, CLI tools, VCS)
• Appliances (oven, fridge) → Build tools (CI/CD server)
• Fork → Runtime (K8s)
Let’s start with ingredients
The best ingredients for the best cheesecake
Will subpar ingredients get me the best cheesecake?
Where do I get my ingredients from?
Where do the vendors I use get the ingredients from?
What matters for ingredients?
• Trust
• End-to-end transparency
• Traceability
Where do my ingredients come from?
Trust, but verify…
Do you trust your colleagues?
I hope the answer is yes
Trust is built with consistency
Do you trust the rest of the world?
• 98% of developers use Open Source tools at work
• 96% of commercial apps embed Open Source
• 79% of businesses use Open Source for key systems
Do you trust the rest of the world?
3407: number of security vulnerabilities discovered and reported in 2019
Source: https://www.cvedetails.com/vulnerability-list/year-2019/vulnerabilities.html
I think it is safe to say that…
Having trust in where your ingredients come from and who made them is important in both making cheesecake and software.
Let’s look at transparency
Following the recipe, but add a little of yourself
Kitchen brand NEFF questioned 1,500 Brits: only 7% think it’s important to follow recipes
Protecting your recipes
Open source licenses
35 licenses:
• 13 require you to publish product sources
• 4 allow users to ask for sources on hosted software
Source: https://choosealicense.com/appendix/
Recipes in software
Source code
Developers programming in DevSecOps environments fix 11x faster than other developers
Recipes in software: things to watch for
Common faults:
• Input validation
• Memory corruption
• Numeric errors
• Cryptographic issues
But what about:
• Hardcoded passwords
• Missing validation
• Backdoors
• Data anomalies
Choosing the right equipment
Providing visibility into your process
SECURITY: the philosophy of integrating security practices within the DevOps process. #SecurityFirst culture!
How? Introducing security earlier in the life cycle of application development.
Tool selection
77% of developers have a say in which tools their company uses
Source: State of the Developer Nation Q3’17
Shifting left…
• DevSecOps aims to embed security in every part of the application lifecycle: run time, build time and even development time.
• It means developing more secure applications faster, refusing to accept that the two (secure & fast) are mutually exclusive!
Providing visibility into your process
Immutability and repeatability
• Immutable dependencies: the best way to guarantee issues is force push
• Lost dependencies: who doesn’t remember left-pad with Node.js?
• Internet issues: do you trust your suppliers enough?
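Pinning a content hash in the lockfile is what makes a dependency immutable: whichever registry, mirror or cache serves the tarball, the bytes must match the pin, and a package that nobody can serve any more is a lost dependency rather than a silent skip. The following Python is an added example, not code from the deck or from JFrog; it assumes the package-lock.json v2/v3 layout (a top-level "packages" map whose entries carry "resolved" and "integrity"), uses constructed byte strings in place of real tarballs, and goes slightly beyond the slide by handling SRI strings that carry several hashes.

```python
"""Verify npm lockfile "integrity" pins (Subresource Integrity strings) against
the bytes actually fetched. Added example, not code from the deck; it assumes the
package-lock.json v2/v3 "packages" map and uses constructed stand-in tarball bytes."""
import base64
import hashlib
import hmac
import json

# Accepted SRI algorithms, strongest first. sha1 is deliberately absent: a pin
# that only offers sha1 does not make the dependency immutable in practice.
SRI_ALGORITHMS = ("sha512", "sha384", "sha256")


def parse_sri(integrity: str) -> dict:
    """Split 'sha512-<b64> sha256-<b64>' into {algorithm: raw digest bytes};
    malformed tokens are skipped rather than trusted."""
    digests = {}
    for token in integrity.split():
        algo, sep, b64 = token.partition("-")
        if not sep:
            continue
        try:
            digests[algo] = base64.b64decode(b64, validate=True)
        except ValueError:              # binascii.Error is a ValueError
            continue
    return digests


def check_package(entry: dict, data: bytes) -> str:
    """Classify one lockfile entry against the bytes fetched for it."""
    integrity = entry.get("integrity")
    if not integrity:
        return "MISSING_INTEGRITY"      # nothing pins the content
    digests = parse_sri(integrity)
    for algo in SRI_ALGORITHMS:         # use the strongest pin available
        if algo in digests:
            actual = hashlib.new(algo, data).digest()
            if hmac.compare_digest(actual, digests[algo]):
                return "OK"
            return "MISMATCH"           # bytes differ from what was pinned
    return "UNSUPPORTED_ALGORITHM"      # e.g. only sha1 offered


def verify_lockfile(lock_json: str, fetched: dict) -> dict:
    """Check every dependency in a package-lock.json. fetched maps package path
    to tarball bytes; a package nobody could fetch (the left-pad scenario) is
    reported as UNAVAILABLE rather than silently skipped."""
    results = {}
    for path, entry in json.loads(lock_json).get("packages", {}).items():
        if path == "":                  # root project, not a fetched dependency
            continue
        if path not in fetched:
            results[path] = "UNAVAILABLE"
        else:
            results[path] = check_package(entry, fetched[path])
    return results


def sri(algo: str, data: bytes) -> str:
    """Build an SRI string; used here only to construct the sample lockfile."""
    return f"{algo}-" + base64.b64encode(hashlib.new(algo, data).digest()).decode()


# Constructed sample data: stand-ins for tarball bytes, not real npm packages.
GOOD_TARBALL = b"left-pad-1.3.0 tarball bytes (constructed)"
TAMPERED_TARBALL = GOOD_TARBALL + b" plus something extra"

SAMPLE_LOCK = json.dumps({"name": "demo", "lockfileVersion": 3, "packages": {
    "": {"name": "demo", "version": "1.0.0"},
    "node_modules/left-pad": {"version": "1.3.0",
                              "resolved": "https://registry.example/left-pad-1.3.0.tgz",
                              "integrity": sri("sha512", GOOD_TARBALL)},
    "node_modules/unpinned": {"version": "0.1.0",
                              "resolved": "https://registry.example/unpinned-0.1.0.tgz"},
    "node_modules/weak-pin": {"version": "2.0.0", "integrity": sri("sha1", GOOD_TARBALL)},
    "node_modules/gone": {"version": "9.9.9", "integrity": sri("sha512", GOOD_TARBALL)},
}})

SAMPLE_FETCHED = {
    "node_modules/left-pad": TAMPERED_TARBALL,  # mirror served different bytes
    "node_modules/unpinned": GOOD_TARBALL,
    "node_modules/weak-pin": GOOD_TARBALL,
    # "node_modules/gone" is absent: upstream no longer serves it
}

if __name__ == "__main__":
    for path, verdict in sorted(verify_lockfile(SAMPLE_LOCK, SAMPLE_FETCHED).items()):
        print(f"{verdict:22} {path}")
```

A build that treats anything other than OK as a hard failure gets the repeatability the slide asks for; keeping a local copy of every tarball that passed is what turns UNAVAILABLE from an outage into a non-event.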
Making your cheesecake and having it too
Build time, runtime, and real-time security
Recap
• Ingredients → Libraries (Jars, Modules, Gems…)
• Recipe → Source code
• Kitchen stuff (whisk, bowl, spatula) → Dev tools (editor, CLI tools, VCS)
• Appliances (oven, fridge) → Build tools (CI/CD server)
• Fork → Runtime (K8s)
Recap
• Trusting your ingredients
• Trusting your suppliers
• Transparency in your process
Thank you!
Questions?
