Grafeas Standardizes Container-Based Software Supply Chains

by Developer.com Staff

The open source tool will make it easier to manage applications built on microservices and containers.

A host of companies — Google, JFrog, Red Hat, IBM, Black Duck, Twistlock, Aqua Security and CoreOS — have announced a new open source project called Grafeas that aims to standardize the software supply chain. Designed for application architecture built on microservices and containers, Grafeas collects metadata related to code deployments and build pipelines, making it easier to track who wrote a piece of code, whether it has passed security testing and which other software it depends on.

Several of the companies involved in the Grafeas project plan to integrate it into their products. Shopify has tested out the tool and said, “Using Grafeas as the central source of truth for container metadata has allowed the security team to answer these questions and flesh out appropriate auditing and lifecycling strategies for the software we deliver to users at Shopify.”

View article

This article was originally published on Friday Oct 13th 2017
Mobile Site | Full Site