Grafeas Project Debuts to Improve Kubernetes Supply Chain Security

Understanding where software comes from and how it was built is a cornerstone of good security hygiene. In an effort to help further improve security for the open-source Kubernetes container orchestration platform, multiple vendors have come together to launch the Grafeas project.

Grafeas which means scribe in Greek, is an open-source project that is intended to provide audit and governance capabilities for the microservices container software supply chain. The effort is being backed by Google and has the support of JFrog, Red Hat, IBM, Black Duck, Twistlock, Aqua Security, and CoreOS.