
As organizations break down large systems into container-based microservices, it becomes harder to track all the pieces. To handle this, Google, JFrog, Red Hat, IBM, Black Duck, Twistlock, Aqua Security and CoreOS recently announced Grafeas, a new joint open-source project that gives users a standardized way to audit and govern their computing components and software supply chain.

Grafeas offers a central, structured knowledge-base of the critical metadata organizations need to successfully manage their software supply chains.

  • Using immutable infrastructure (e.g., containers) to establish preventative security postures against persistent advanced threats
  • Building security controls into the software supply chain, based on comprehensive component metadata and security attestations, to protect production deployments
  • Keeping the system flexible and ensuring interoperability of developer tools around common specifications and open-source software

Grafeas defines a metadata API spec for computing components (e.g., VM images, container images, jar files, scripts) that can assist with aggregations over your metadata. This means keeping a record of authorship and code provenance, recording the deployment of each piece of code, and marking whether the code passed a security scan, which components it uses and whether QA signed off on it.

So before a new piece of code is deployed, the system can check all of the information about it through the Grafeas API, and if it is certified and free of vulnerabilities, it can be pushed into production.
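The pre-deployment check described above can be sketched as a fail-closed policy function. This is an added example, not code from Grafeas or from the original post: the record layout is a simplified assumption rather than the Grafeas API schema, and the attester names, registry URL, digests and vulnerability IDs are constructed placeholders.

```python
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
REQUIRED_ATTESTERS = {"security-scan", "qa-signoff"}  # hypothetical authority names


def deploy_decision(resource_uri, occurrences, max_severity="MEDIUM"):
    """Return (allowed, reasons); any missing metadata blocks the deploy."""
    # A tag can be re-pointed after review; only a digest names fixed content.
    if "@sha256:" not in resource_uri:
        return False, ["resource is not pinned by digest"]
    mine = [o for o in occurrences if o["resource_uri"] == resource_uri]
    reasons = []
    if not any(o["kind"] == "BUILD" for o in mine):
        reasons.append("no build provenance")
    # Assumption: attestation signatures were verified before this point.
    attesters = {o["attester"] for o in mine if o["kind"] == "ATTESTATION"}
    for name in sorted(REQUIRED_ATTESTERS - attesters):
        reasons.append(f"missing attestation: {name}")
    limit = SEVERITY_RANK[max_severity]
    for o in mine:
        if o["kind"] != "VULNERABILITY":
            continue
        # Unknown severities rank above every limit, so they block.
        if SEVERITY_RANK.get(o.get("severity"), 99) > limit:
            reasons.append(f"vulnerability over limit: {o['id']}")
    return (not reasons), reasons


# Constructed sample metadata; digests and IDs are placeholders.
GOOD = "https://registry.example/app@sha256:" + "a" * 64
BAD = "https://registry.example/app@sha256:" + "b" * 64
OCCURRENCES = [
    {"resource_uri": GOOD, "kind": "BUILD"},
    {"resource_uri": GOOD, "kind": "ATTESTATION", "attester": "security-scan"},
    {"resource_uri": GOOD, "kind": "ATTESTATION", "attester": "qa-signoff"},
    {"resource_uri": GOOD, "kind": "VULNERABILITY",
     "id": "VULN-PLACEHOLDER-1", "severity": "LOW"},
    {"resource_uri": BAD, "kind": "BUILD"},
    {"resource_uri": BAD, "kind": "ATTESTATION", "attester": "security-scan"},
    {"resource_uri": BAD, "kind": "VULNERABILITY",
     "id": "VULN-PLACEHOLDER-2", "severity": "HIGH"},
]

if __name__ == "__main__":
    for uri in (GOOD, BAD, "https://registry.example/app:latest"):
        print(uri[-12:], deploy_decision(uri, OCCURRENCES))
```

The gate denies by default: an image with no recorded metadata, a missing sign-off, or an unrecognized severity is blocked rather than waved through.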

To learn more about Grafeas, visit GitHub.

About Post Author

Karthik

Allo! My name is Karthik, experienced IT professional. Upnxtblog covers key technology trends that impact the technology industry. This includes cloud computing, blockchain, machine learning & AI, best mobile apps, best tools/open source libs, etc. I hope you would love it and you can be sure that each post is fantastic and will be worth your time.