Diese Präsentation wurde erfolgreich gemeldet.
Die SlideShare-Präsentation wird heruntergeladen. ×

The Future of Continuous Software Updates Is Here

Ad

The Future of
Continuous Software Updates
Is Here
Jan2020

Ad

Legal Disclaimer
This presentation is strictly private and confidential and is intended only for the use of persons to who...

Ad

@greenido
ido-green.appspot.com

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Wird geladen in …3
×

Hier ansehen

1 von 38 Anzeige
1 von 38 Anzeige

The Future of Continuous Software Updates Is Here

Herunterladen, um offline zu lesen

DevOps and “Liquid Software” release practices are rapidly becoming the standard. But, as software shapes digital transformation, DevOps teams are feeling challenged to manage their growing influence on corporations’ success or failure.

In this talk, Ido Green looks into the growing pains that most enterprises (many of them JFrog customers) face when adopting and consolidating DevOps at scale, and how these challenges are being mitigated with end-to-end platform solutions. We’ll wrap up with some DevOps best practices - from the trenches - that will help you address emerging trends that your bosses’ bosses really care about.

DevOps and “Liquid Software” release practices are rapidly becoming the standard. But, as software shapes digital transformation, DevOps teams are feeling challenged to manage their growing influence on corporations’ success or failure.

In this talk, Ido Green looks into the growing pains that most enterprises (many of them JFrog customers) face when adopting and consolidating DevOps at scale, and how these challenges are being mitigated with end-to-end platform solutions. We’ll wrap up with some DevOps best practices - from the trenches - that will help you address emerging trends that your bosses’ bosses really care about.

Weitere Verwandte Inhalte

Ähnlich wie The Future of Continuous Software Updates Is Here (20)

The Future of Continuous Software Updates Is Here

  1. 1. The Future of Continuous Software Updates Is Here Jan2020
  2. 2. Legal Disclaimer This presentation is strictly private and confidential and is intended only for the use of persons to whom it has specifically been given by JFrog. Without the prior written consent of JFrog, this presentation should not be disclosed to any other person, company, partnership or other entity, or reproduced in whole or in part. This presentation and the accompanying oral presentation regarding JFrog include forward-looking statements, including but not limited statements regarding our business strategy, plans and objectives for future operations, market size and growth opportunities, competitive position and technological and market trends. We have based these forward-looking statements largely on our current expectations and projections about future events and financial trends that we believe may affect our financial condition, results of operations, and business strategy. These forward-looking statements are subject to a number of risks, uncertainties and assumptions. In light of these risks, uncertainties and assumptions, the future events and trends discussed in these presentations may not occur and actual results could differ materially from our current expectations. JFrog does not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made, except as required by law. This presentation is for marketing purposes only and does not constitute an offer to sell or a solicitation of an offer to buy any securities of JFrog.
  3. 3. @greenido ido-green.appspot.com
  4. 4. JFROG’S MISSION IS TO POWER ALL THE SOFTWARE UPDATES IN THE WORLD
  5. 5. Politics Food & Water Healthcare Transportation Energy Social Interaction EVERYTHING RUNS ON SOFTWARE
  6. 6. WHY APPLICATION UPDATES MATTER
  7. 7. “During the update process you will not be able to drive the vehicle” SOFTWARE UPDATES MATTER
  8. 8. INTEGRATED ECOSYSTEM +50 technology partners Hosted offering on all public clouds CONTINUOUS SECURITY Vulnerability scanning for major artifacts and container images with package expansion JFROG’S UNIFIED APPROACH HYBRID AND MULTI-CLOUD From OSS to multi-cloud From legacy apps to Kubernetes RADICALLY UNIVERSAL Any binary, any stack, any DevOps tool END-TO-END PLATFORM Shared visibility, governance, and control across pipelines from Git to K8s, and everything in between SCALES TO INFINITY We don’t blink at xxx/min
  9. 9. Streamlining the flow and supply chain of artifacts is essential to increasing release velocity and quality. How did we go about it? ARTIFACTS ARE THE BUILDING BLOCKS OF SOFTWARE
  10. 10. CODE REPOSITORIES CI/CD SYSTEMS Automate & assembled SECURITY AND COMPLIANCE Removing risk while building PACKAGE MANAGEMENT The ”Database of DevOps” DISTRIBUTION SYSTEMS Push software packages fast and secure END USERS & THE EDGE Updating everything continuously Key Components to Deliver Software RUNTIME & PRODUCTION BUILD TEST RELEASE DEPLOYCODE OPERATE Dev Ops EFFICIENT & INTERGRATED DEVOPS PROCESSES
  11. 11. Metadata Policies Processes Methods Secrets A Universe of Technologies Optimized & Standardized Delivered In One Place Seamlessly Released to Everyone Devices Servers Teams Customers Artifacts Security Storage Automation Distribution Unified in One Platform BRINGING ORDER TO SOFTWARE CHAOS
  12. 12. THE CENTER OF THE SOFTWARE RELEASE PROCESS Integrated platform to manage any delivery environment Cloud Packages CI/CD Containers Deployment Tools/Testing
  13. 13. THE ECOSYSTEM STRENGTHENING UNIVERSALITY By partnering with other companies within the DevOps pipeline ecosystem, we are improving the way our customers can use JFrog solutions in their workflow.
  14. 14. 24/7 Dedicated Support + DevOps Acceleration Service Arm THE JFROG PLATFORM BUILD TEST RELEASE DEPLOY Continuously integrate automate & deploy Clear security and compliance issues Distribute to production site Control and monitor the flow On Premises & Multicloud Store and manage all types of packages
  15. 15. JFROG PLATFORM UNIFIED
  16. 16. UNIFIED INNOVATION Trusted communication Metrics and request tracing Unified UI infrastructure Unified Installation Logging and supportability
  17. 17. DevOps is about making software development and delivery FRICTIONLESS
  18. 18. WHAT IS JFROG PIPELINES?  STREAMLINES THE PROCESS of software development and delivery across teams and tools  PROVIDING ACTIONABLE INSIGHTS that enable continuous improvement CI & CD platform
  19. 19. WHAT DOES FRICTIONLESS MEAN? Code Build Push Scan Test Promote Bundle Sign Distribute Deploy Automated Repeatable Traceable Immutable Typical Software Development Workflow THE PROCESS THE PACKAGES
  20. 20. KEY CONCEPTS  STEPS are executable units that perform a specific task, such as building an application, pushing it to Artifactory, provisioning a machine, etc  RESOURCES contain information required to execute steps. For example, files, images, git repositories, etc  INTEGRATIONS contain credentials to third-party tools/services, such as AWS, Slack, Github, etc  PIPELINE is a collection of interconnected serial or parallel steps required to achieve an outcome  RUN is an instance of pipeline execution
  21. 21. KEY CAPABILITIES SPEED SIMPLICITY SCALABILITY SECURITY  Caching for packages, steps and nodes  Immutable Resources to share across teams  Built-in State to store precious build state  Real-time interactive dashboards  Native Steps for common actions  Standardized syntax across all DevOps tasks  Integrated with all JFrog products  Step Dev Kit to extend the platform (H2 2020)  Scales horizontally to support 1000s of apps  Elastic builds nodes for hybrid & multi cloud  1 CI/CD tool for all OS, lang, arch & platforms  Universal, supports all popular tools and tech  Centralized Secrets using Vault  Each build on its own node  Rich permission model with scopes  TTL expiration for all builds
  22. 22. MIX & MATCH AUTOMATION CONTINUOUS INTEGRATION CONTINUOUS DEPLOYMENT
  23. 23. DEVSECOPS RELEASE FAST, KEEP SAFE
  24. 24. THE RACE Vulnerability Introduced Vulnerability Discovered You Find It You Fix It HIGHEST SECURITY RISK Exploits Published Hacker Attack Vulnerability Introduced Vulnerability Reported You Find It You Fix It
  25. 25. XRAY OVERVIEW Global Xray DB JXray External Sources AUTOMATIC ACTIONS VIOLATIONS POLICIES WATCHES METADATA COMPONENT GRAPH Security License Repo Repo Fail Build Web Hooks, Slack, Emails Prevent Downloa d Build Build Build
  26. 26. JFROG XRAY step-3create-docker-ima… docker-app:235 sha256_d3938036b19cf… ubuntu:xenial:cryptsetu…
  27. 27. VULNERABILITY INTELLIGENCE 45.5% of the vulnerabilities in VulnDB not published by NVD/CVE in 2018 have a CVSSv2 score between 7-10
  28. 28. PREVENTION AND REMEDIATION Vulnerability Intelligence Component Matching Indexing engine and repository Vertical integration from IDE to production Continuous scanning and Impact analysis Remediation and fix versions
  29. 29. MINIMIZING FALSE POSITIVES AnalyzerCrawler Fetch Data Global Xray DB
  30. 30. NEW ARTIFACT INDEXING SCANNING SETUP POLICY RULES CREATE AUTOMATIC ACTIONS FAIL BUILD NOTIFICATION CRITICAL VIOLATION MINOR VIOLATION SCANS AGAINST SECURITY & COMPLIANCE POLICIES
  31. 31. IMPACT ANALYSIS OSS Licenses Known CVE’s Unofficial Base Image
  32. 32. 24/7 Dedicated Support + DevOps Acceleration Service Arm THE JFROG PLATFORM BUILD TEST RELEASE DEPLOY Continuously integrate automate & deploy Clear security and compliance issues Distribute to production site Control and monitor the flow On Premises & Multicloud Store and manage all types of packages
  33. 33. THANK YOU! @greenido ido-green.appspot.com

Hinweis der Redaktion

  • Software should flow like water in the pipes to the right place at the right time.

    Velocity + Security.
  • Software is eating the world
  • It’s your competitive advantage
  • The need to securely release software faster and seamlessly is an imperative that all organizations currently face
    “DevOps” has emerged as a discipline that combines software development and IT operations, and aims to
    Shorten the software development lifecycle and
    Provide more frequent delivery of high-quality software
    The DevOps workflow spans the lifecycle of software, from the planning, coding, building, and testing of software by developers, to the releasing, deploying, operating, and monitoring of that software by IT operators in a production environment
    DevOps has also shifted to include the process of managing software security, known as DevSecOp
    Today, many organizations utilize a combination of several, disparate tools to manage their DevOps and DevSecOps workflows
  • You can use this quality data from the development phase (integrated with IDEs) up to the runtime.
  • Do you wish to make sure that there aren’t any GPL in your software? Or any other license you wish to avoid?

×