Google, IBM and others launch an open source API for keeping tabs on software supply chains


Thanks to containers and microservices, the way we build software is changing quickly. But as with all change, these new models also introduce new problems. You probably still want to know who actually built a given container and what’s running in it. To get a handle on this, Google, JFrog, Red Hat, IBM, Black Duck, Twistlock, Aqua Security and CoreOS today announced Grafeas (“scribe” in Greek), a new joint open source project that gives users a standardized way to audit and govern their software supply chain.

Google also launched another new project, Kritis (“judge” in Greek, because after the success of Kubernetes, it would surely be bad luck to pick names in any other language for a new Google open source project). Kritis allows…
