dcsimg
August 20, 2018
Hot Topics:

Grafeas Standardizes Container-Based Software Supply Chains

  • October 13, 2017
  • By Developer.com Staff

A host of companies — Google, JFrog, Red Hat, IBM, Black Duck, Twistlock, Aqua Security and CoreOS — have announced a new open source project called Grafeas that aims to standardize the software supply chain. Designed for application architecture built on microservices and containers, Grafeas collects metadata related to code deployments and build pipelines, making it easier to track who wrote a piece of code, whether it has passed security testing and which other software it depends on.

Several of the companies involved in the Grafeas project plan to integrate it into their products. Shopify has tested out the tool and said, “Using Grafeas as the central source of truth for container metadata has allowed the security team to answer these questions and flesh out appropriate auditing and lifecycling strategies for the software we deliver to users at Shopify.”

View article






Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 


Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that developer.com may send you developer offers via email, phone and text message, as well as email offers about other products and services that developer believes may be of interest to you. developer will process your information in accordance with the Quinstreet Privacy Policy.

Sitemap

Thanks for your registration, follow us on our social networks to keep up-to-date