2025-07-21 11:35:32 +02:00

title: "OCM: Rethinking Software Delivery with a Secure and Standardized Approach"
weight: 4
tags:
  - security
  - delivery
  - compliance

Challenges

Baseline

  • Fan-in: SBOM
  • Fan-out: Deployment automation
  • In the middle: Our dev team and their product
  • Question: How do we transport this stuff?

TODO: Steal illustration

Tooling

  • Fan-in: Standard tools (SBOM, Containers, Maven, ...)
  • Fan-out: Diverse: Human in the Loop with different tools
  • Goal: Standardize everything and shift-left Deployment/Security/Compliance-Concerns

The open component model

Open standard created by SAP

  • Suggests standards
  • Contains example implementations but does not enforce them
  • Constructor: Defines what our product needs to run on a cluster (e.g. HelmChart, Container, ...)

Example

graph LR
    SyncAgent-->|with SBOM|PreProduct
    UIFramework-->|with SBOM|PreProduct
    PreProduct-->|Helm, Container|Product
    Product-->|Bundle|AirgappedEnv
    subgraph AirgappedEnv
        Flux
        Kro
    end

TL;DR

  • We can use the constructor to create an archive that contains our product with all dependencies, offline-ready
  • We can upload the offline bundle into our air-gapped OCI registry or directly to our platform
  • The resources and construction bundles are defined as Kubernetes CRDs, and the CLI can be used for upload and download (probably among other features)
  • The deployer defines how our resources shall be deployed (e.g. via Flux)
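The constructor -> offline bundle -> air-gapped registry flow from the TL;DR, written out as an added example (not from the original notes or the OCM project) against the OCM CLI from github.com/open-component-model/ocm. The component name, image reference, SBOM path, key files and registry URL are placeholders; the subcommands and flags are given from memory and should be checked against `ocm --help` of the installed version. The point worth seeing is where the bundle gets signed (on the connected side, before it leaves) and where it gets verified (behind the gap, before Flux or kro consume it).

```shell
#!/bin/sh
# Added example, not from the original notes: build a component-constructor file,
# pack it into a Common Transport Format (CTF) archive, sign it, localize all
# referenced resources, and replay it into an air-gapped OCI registry.
# Every name, path and URL below is an assumed placeholder.
set -eu

COMPONENT="${COMPONENT:-example.org/acme/product}"      # assumed component name
VERSION="${VERSION:-1.0.0}"
CTF_DIR="${CTF_DIR:-./product.ctf}"                     # CTF archive built on the connected side
OFFLINE_CTF="${OFFLINE_CTF:-./product-offline.ctf}"     # self-contained copy carried across the gap
AIRGAP_REGISTRY="${AIRGAP_REGISTRY:-registry.airgap.example.org/ocm}"
PRIVATE_KEY="${PRIVATE_KEY:-./acme-signing.key}"        # assumed RSA PEM signing key
PUBLIC_KEY="${PUBLIC_KEY:-./acme-signing.pub}"

# Write the component-constructor file. The Helm chart and the SBOM are taken
# from the build tree ("input"); the container image is only referenced in an
# upstream registry ("access") until the transfer step copies it in.
write_constructor() {
  cat >"$1" <<EOF
components:
  - name: ${COMPONENT}
    version: ${VERSION}
    provider:
      name: acme
    resources:
      - name: chart
        type: helmChart
        version: ${VERSION}
        input:
          type: helm
          path: ./chart
      - name: sync-agent-image
        type: ociImage
        version: ${VERSION}
        access:
          type: ociArtifact
          imageReference: ghcr.io/acme/sync-agent:${VERSION}
      - name: sbom
        type: blob
        version: ${VERSION}
        input:
          type: file
          path: ./sbom.cdx.json
          mediaType: application/vnd.cyclonedx+json
EOF
}

# Connected side: create the CTF from the constructor, sign the component
# version, then copy every referenced resource into a second archive so that
# the bundle needs no network access when it is replayed behind the gap.
build_bundle() {
  write_constructor ./component-constructor.yaml
  ocm add componentversions --create --file "$CTF_DIR" ./component-constructor.yaml
  ocm sign componentversions --signature acme --private-key "$PRIVATE_KEY" "$CTF_DIR"
  ocm transfer ctf --copy-resources "$CTF_DIR" "$OFFLINE_CTF"
}

# Air-gapped side: after $OFFLINE_CTF has been carried across, push it into the
# internal registry and verify the signature before any deployer consumes it.
import_bundle() {
  ocm transfer ctf "$OFFLINE_CTF" "$AIRGAP_REGISTRY"
  ocm verify componentversions --signature acme --public-key "$PUBLIC_KEY" \
    "${AIRGAP_REGISTRY}//${COMPONENT}:${VERSION}"
}

# Nothing runs unless a stage is requested, so the file can be sourced for its functions.
if [ "${OCM_STAGE:-}" = build ]; then build_bundle; fi
if [ "${OCM_STAGE:-}" = import ]; then import_bundle; fi
```

Run `OCM_STAGE=build sh bundle.sh` on the connected side and `OCM_STAGE=import sh bundle.sh` behind the gap. Keeping the verification step on the import side is what makes the air-gapped registry trustworthy on its own: whatever arrives on the carried medium is checked against the public key before Flux or kro see it.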