Global vendors join forces for software supply chain API

Teams up with IBM, Red Hat, JFrog and others

Google has teamed up with the likes of IBM, Red Hat and JFrog to launch a new open source initiative aimed at defining a uniform way to audit and govern software supply chains.

The new application programming interface (API), named Grafeas, or ‘scribe’ in Greek, provides users with a central source of information for tracking and enforcing policies across sets of software development teams and pipelines.

The open source project was a joint effort between Google, JFrog, Red Hat, IBM, Black Duck, Twistlock, Aqua Security and CoreOS, with Google saying it built Grafeas to promote cross-vendor collaboration and compatibility.

“At each stage of the software supply chain (code, build, test, deploy and operate), different tools generate metadata about various software components,” Google said in a blog post.

“Examples include the identity of the developer, when the code was checked in and built, what vulnerabilities were detected, what tests were passed or failed, and so on. This metadata is then captured by Grafeas.”

According to Google, the API can provide visibility for software development, test and operations teams, as well as CIOs.

Build, auditing and compliance tools can use the Grafeas API to store, query and retrieve comprehensive metadata on software components of all kinds, according to Google.

“Grafeas offers a central, structured knowledge-base of the critical metadata organisations need to successfully manage their software supply chains,” Google said.

“It reflects best practices Google has learned building internal security and governance solutions across millions of releases and billions of containers.”

As part of Grafeas, Google is also introducing Kritis, a Kubernetes policy engine that is designed to help users enforce more secure software supply chain policies.

Kritis is aimed at facilitating real-time enforcement of container properties at deploy time for Kubernetes clusters based on attestations of container image properties.

“Grafeas and Kritis actually help us achieve better security while letting developers focus on their code. We look forward to more companies integrating with the Grafeas and Kritis projects,” Shopify senior security engineer, Jonathan Pulsifer, said.

