January 27, 2021
Hot Topics:

Grafeas Standardizes Container-Based Software Supply Chains

  • By Developer.com Staff

A host of companies — Google, JFrog, Red Hat, IBM, Black Duck, Twistlock, Aqua Security and CoreOS — have announced a new open source project called Grafeas that aims to standardize the software supply chain. Designed for application architecture built on microservices and containers, Grafeas collects metadata related to code deployments and build pipelines, making it easier to track who wrote a piece of code, whether it has passed security testing and which other software it depends on.

Several of the companies involved in the Grafeas project plan to integrate it into their products. Shopify has tested out the tool and said, “Using Grafeas as the central source of truth for container metadata has allowed the security team to answer these questions and flesh out appropriate auditing and lifecycling strategies for the software we deliver to users at Shopify.”

View article

This article was originally published on October 13, 2017

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date