金融行业快速合规的 CI_CD 流水线（由 Octopus Deploy 赞助）.pdf

1、 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.I N D 2 1 7-SJames ChatmasFast and compliant CI/CD pipelines in the financial industryPrincipal So

2、lution EngineerOctopus Deploy 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.What well coverThe new reality of supply-chain attacksLive demo:Zero-trust CI/CD pipelineDeployment governance&enforcement 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Supply-chain

3、attacks are the#1 enterprise risk in 2025 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.75%Organizations that have experienced a software supply chain attack within the last year.-BlackBerrySupply-chain attacks are the#1 enterprise risk in 2025 2025,Amazon Web Services,Inc.or it

4、s affiliates.All rights reserved.Reality of modern pipelines 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Reality of modern pipelinesBuild 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Reality of modern pipelinesBuildDeploy 2025,Amazon Web Services,Inc.or i

5、ts affiliates.All rights reserved.Reality of modern pipelinesBuildDeployHours Days Sometimes weeks 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Reality of modern pipelinesBuildDeployHours Days Sometimes weeksDrift/Manipulation/Critical fix published 2025,Amazon Web Services,Inc

6、.or its affiliates.All rights reserved.Supply chain security key concepts 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Software Bill of Materials(SBOM)What went into the buildSupply chain security key conceptsA complete list of third-party libraries and components included in y