IBM is joining forces with Google to create and open source the Grafeas project, which is an open source initiative to define a uniform way for auditing and governing the modern software supply chain.
Grafeas (“scribe” in Greek) provides a central source of truth for tracking and enforcing policies across an ever growing set of software development teams and pipelines. The idea is to provide a central store that other applications and tools can query to retrieve metadata on software components of all kinds.
IBM is also working on Kritis, a component which allows organizations to set Kubernetes governance policies based on metadata stored in Grafeas.
