The problem with this new approach to software development is that businesses need to know who built what and where. and CoreOS Inc. They’ve all joined forces to create a new application programming interface called Grafeas, which is an open source initiative to “define a uniform way for auditing and governing the modern software supply chain.” Grafeas’ job is to capture all of this metadata and make it accessible to users, providing greater visibility into the entire software supply chain. “Build, auditing, and compliance tools can use the Grafeas API to store, query, and retrieve comprehensive metadata on software components of all kinds.”

