Google and IBM, together with a few other partners, released an open-source project that gathers metadata that developers can use to secure their software. According to an IBM blog post, the goal of the project is to help developers keep security standards, while microservices and containers cut the software supply chain. Grafeas was built as a container security API. IBM, on the other hand, will add its own container scanning tool, Vulnerability Advisor, into Grafeas. IBM said it will be a "central source of truth," when it comes to enforcing security policies. The API will collect the metadata defining a user’s software…
[Continue Reading]