News Grafeas Standardizes Container-Based Software Supply Chains

Grafeas Standardizes Container-Based Software Supply Chains

A host of companies — Google, JFrog, Red Hat, IBM, Black Duck, Twistlock, Aqua Security and CoreOS — have announced a new open source project called Grafeas that aims to standardize the software supply chain. Designed for application architecture built on microservices and containers, Grafeas collects metadata related to code deployments and build pipelines, making it easier to track who wrote a piece of code, whether it has passed security testing and which other software it depends on.

Several of the companies involved in the Grafeas project plan to integrate it into their products. Shopify has tested out the tool and said, “Using Grafeas as the central source of truth for container metadata has allowed the security team to answer these questions and flesh out appropriate auditing and lifecycling strategies for the software we deliver to users at Shopify.”

View article

Latest Posts

Related Stories