December 9, 2019

BoF: Grafeas: Using Artifact Metadata to Audit, Govern, and Secure Your Software Supply Chain

Talk Title: BoF: Grafeas: Using Artifact Metadata to Audit, Govern, and Secure Your Software Supply Chain
Speakers: Wendy Dembowski (Staff Software Engineer, Google), Stephen Elliott (Product Manager, Google), Graeme Hay (Managing Director, Global Head of Enterprise and Cloud Engineering, Morgan Stanley)
Conference: KubeCon + CloudNativeCon North America
Location: Austin, TX, United States
Date: Dec 4-8, 2017
URL: Talk Page
Slides: Talk Slides

Building software at scale requires strong governance of the software supply chain, and strong governance requires good data. This BoF will be a discussion around the recently launched Grafeas (“scribe”) open source project (see grafeas.io), whose goal is to provide organizations with a central source of truth for tracking artifacts and enforcing policies across an ever growing set of software development teams and pipelines. Part of the Grafeas project is Kritis (“judge”), a Kubernetes policy engine that lets organizations do real-time enforcement of container properties at deploy time for Kubernetes clusters. To kick off the discussion, Google and other Grafeas collaborators will give an overview of the Grafeas project.
