As organizations break down large systems into container-based microservices, it becomes harder to track all the pieces.To handle this,Google, JFrog, Red Hat, IBM, Black Duck, Twistlock, Aqua Security and CoreOS recently announced Grafeas , a new joint open-source project that provides users with a standardized way for auditing and governing for computing components & their software supply chain.
Grafeas offers a central, structured knowledge-base of the critical metadata organizations need to successfully manage their software supply chains.
Grafeas defines metadata API spec for computing components (e.g., VM images, container images, jar files, scripts) that can assist with aggregations over your metadata. This means keeping a record of authorship and code provenance, recording the deployment of each piece of code, marking whether code passed a security scan, which components it uses and whether Q&A signed off on it.
So before a new piece of code is deployed, the system can check all of the info about it through the Grafeas API and if it’s certified and free of vulnerabilities, then it can get pushed into production.
To learn more about Grafeas,visit GitHub
The cryptocurrency market is famed for its volatility, presenting each opportunity and demanding situations for…
Games since time immemorial have been winning at captivating the users and teleporting them onto…
We are living within an innovation curve wherein cutting-edge technologies are making a hustle and…
Whether it’s the healthcare industry or the automobile sector, artificial intelligence has left its impact…
Facts only- The big Artificial Intelligence push is unraveling in 2024. No, it wasn’t merely…
In the fiercely competitive world of Hire Developers for Startup, success hinges not just on…
This website uses cookies.