Menu
Global vendors join forces for software supply chain API

Global vendors join forces for software supply chain API

Teams up with IBM, Red Hat, JFrog and others

Google has teamed up with the likes of IBM, Red Hat and JFrog to launch a new open source initiative aimed at defining a uniform way for auditing and governing software supply chains.

The new application processing interface (API), named Grafeas – or ‘scribe’ in Greek, provides users with a central source of information for tracking and enforcing policies across sets of software development teams and pipelines.

The open source project was a joint effort between Google, JFrog, Red Hat, IBM, Black Duck, Twistlock, Aqua Security and CoreOS, with Google saying it built Grafeas to promote cross-vendor collaboration and compatibility.

“At each stage of the software supply chain (code, build, test, deploy and operate), different tools generate metadata about various software components,” Google said in a blog post.

“Examples include the identity of the developer, when the code was checked in and built, what vulnerabilities were detected, what tests were passed or failed, and so on. This metadata is then captured by Grafeas.”

According to Google, the API can provide visibility for software development, test and operations teams, as well as CIOs.

Build, auditing and compliance tools can use the Grafeas API to store, query and retrieve comprehensive metadata on software components of all kinds, according to Google.

“Grafeas offers a central, structured knowledge-base of the critical metadata organisations need to successfully manage their software supply chains,” Google said.

“It reflects best practices Google has learned building internal security and governance solutions across millions of releases and billions of containers.”

As part of Grafeas, Google is also introducing Kritis, a Kubernetes policy engine that is designed to help users enforce more secure software supply chain policies.

Kritis is aimed at facilitating real-time enforcement of container properties at deploy time for Kubernetes clusters based on attestations of container image properties.

“Grafeas and Kritis actually help us achieve better security while letting developers focus on their code. We look forward to more companies integrating with the Grafeas and Kritis projects,” Shopify senior security engineer, Jonathan Pulsifer, said.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags GoogleIBMRed HatJFrog

Events

Why experience is the new battleground for partners

Join us for an exclusive webinar, in association with Hewlett Packard Enterprise and Technology Services Industry Association (TSIA) and learn about the latest industry insights and how technology services continue to evolve to deliver differentiated value, and how partners can be successful in 2021 and beyond.

Featured

Slideshows

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Show Comments