BoF: Grafeas: Using Artifact Metadata to Audit, Govern, and Secure Your Software Supply Chain
![BoF: Grafeas: Using Artifact Metadata to Audit, Govern, and Secure Your Software Supply Chain](/2017/images/all/lf_huffc03acb4b89c823f315cae16e4b2e6b_29065_900x500_fit_q75_box.jpg)
| Field | Details |
| --- | --- |
| Talk Title | BoF: Grafeas: Using Artifact Metadata to Audit, Govern, and Secure Your Software Supply Chain |
| Speakers | Wendy Dembowski (Staff Software Engineer, Google), Stephen Elliott (Product Manager, Google), Graeme Hay (Managing Director, Global Head of Enterprise and Cloud Engineering, Morgan Stanley) |
| Conference | KubeCon + CloudNativeCon North America |
| Conf Tag | |
| Location | Austin, TX, United States |
| Date | Dec 4-8, 2017 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
Building software at scale requires strong governance of the software supply chain, and strong governance requires good data. This BoF will be a discussion around the recently launched Grafeas (“scribe”) open source project (see grafeas.io), whose goal is to provide organizations with a central source of truth for tracking artifacts and enforcing policies across an ever-growing set of software development teams and pipelines. Part of the Grafeas project is Kritis (“judge”), a Kubernetes policy engine that lets organizations do real-time enforcement of container properties at deploy time for Kubernetes clusters. To kick off the discussion, Google and other Grafeas collaborators will give an overview of the Grafeas project.