---

Open Source Project Grafeas Enforces Kubernetes Supply Chain Security

Although Grafeas isn’t container-specific, containers are really what it’s all about. It includes Kritis, a policy engine for enforcing secure software supply chain policies, which connects to Kubernetes using the ImagePolicyWebhook plugin. According to Google, Kritis offers “real-time enforcement of container properties at deploy time for Kubernetes clusters based on attestations of container image properties” that are stored in Grafeas.
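To make the deploy-time check concrete, here is an added example (not Kritis code and not from the original article) of the decision a backend for the ImagePolicyWebhook plugin has to make: it receives an ImageReview object and must answer allowed or denied. The `Review` function and the in-memory `attested` map are hypothetical; the map stands in for a lookup of attestations stored in Grafeas.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// ImageReview holds the imagepolicy.k8s.io/v1alpha1 fields this check uses.
type ImageReview struct {
	Spec struct {
		Containers []struct{ Image string `json:"image"` } `json:"containers"`
	} `json:"spec"`
	Status struct {
		Allowed bool   `json:"allowed"`
		Reason  string `json:"reason,omitempty"`
	} `json:"status"`
}

// Review admits a pod only if every image is pinned by digest and that digest
// is attested. attested is a hypothetical stand-in for a Grafeas lookup.
func Review(body []byte, attested map[string]bool) (ImageReview, error) {
	var r ImageReview
	if err := json.Unmarshal(body, &r); err != nil {
		return ImageReview{}, err
	}
	r.Status.Allowed, r.Status.Reason = false, "" // ignore any status in the request
	deny := func(msg string) (ImageReview, error) { r.Status.Reason = msg; return r, nil }
	if len(r.Spec.Containers) == 0 {
		return deny("no containers to review") // fail closed
	}
	for _, c := range r.Spec.Containers {
		i := strings.LastIndex(c.Image, "@sha256:")
		if i < 0 {
			return deny(c.Image + " is not pinned by digest")
		}
		if !attested[c.Image[i+1:]] {
			return deny("no attestation for " + c.Image)
		}
	}
	r.Status.Allowed = true
	return r, nil
}

func main() {
	d := "sha256:" + strings.Repeat("ab", 32) // constructed digest, not a real image
	r, _ := Review([]byte(`{"spec":{"containers":[{"image":"registry.example/app@`+d+`"}]}}`), map[string]bool{d: true})
	fmt.Printf("%+v\n", r.Status)
}
```

Requiring a digest matters because a tag such as `:latest` can be repointed after an attestation was issued, so an attestation can only be bound to the immutable digest.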