JFrog

Google and IBM to jointly address developer security challenges with Grafeas

Google and IBM recently joined forces to create and open source the Grafeas project, with an aim to provide developers a structured way of auditing and governing the modern software supply chains. Grafeas provides an open API that collects and aggregates the metadata generated at various stages of software supply chain. The metadata store and enforcement point help in gaining visibility into development environments and in enforcing policies without slowing down the development teams. IBM has an in-built Vulnerability Advisor into its Container service as a part of DevOps process that scans the container images and detects software package vulnerability and poor software configurations. It further makes a risk assessment for the contained software. To build a more comprehensive security an...

Skip to toolbar