dcsimg
November 21, 2017
Hot Topics:

Grafeas Standardizes Container-Based Software Supply Chains

  • October 13, 2017
  • By Developer.com Staff

A host of companies — Google, JFrog, Red Hat, IBM, Black Duck, Twistlock, Aqua Security and CoreOS — have announced a new open source project called Grafeas that aims to standardize the software supply chain. Designed for application architecture built on microservices and containers, Grafeas collects metadata related to code deployments and build pipelines, making it easier to track who wrote a piece of code, whether it has passed security testing and which other software it depends on.

Several of the companies involved in the Grafeas project plan to integrate it into their products. Shopify has tested out the tool and said, “Using Grafeas as the central source of truth for container metadata has allowed the security team to answer these questions and flesh out appropriate auditing and lifecycling strategies for the software we deliver to users at Shopify.”

View article


Share



Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 


Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Sitemap | Contact Us

Thanks for your registration, follow us on our social networks to keep up-to-date