
Strengthening Software Supply Chains for Everyone: Why Grafeas is a Great Idea

Learn about Grafeas, an open API from Google, IBM, and Red Hat that can help strengthen and secure modern software supply chains.

At Sonatype, we've been talking about securing and strengthening software supply chains for quite a while. We've even produced the annual State of the Software Supply Chain report since 2015.

A few years ago, most people had never heard of a "software supply chain." They couldn't quite grasp how applications were being assembled from third-party components. They couldn't see how traditional software development had transformed into a supply chain-like process.

So much has changed in the past six years. Today, we're reaping the benefits of maturing DevOps, containers, and microservices. Development teams everywhere are embracing continuous delivery practices and realizing the importance of maintaining a trusted software supply chain from the very beginning to the very end of the value chain.

The latest evidence of this trend is Grafeas, an open source initiative launched by Google to define a uniform way of auditing and governing the modern software supply chain. Grafeas is an open API designed to expose relevant metadata about artifacts, so that customers can continuously audit and govern the volume and variety of components and containers flowing through the modern development lifecycle and into production.

Perhaps more than any organization in the world, Google understands that software innovation is a strategic weapon of choice for delivering new customer experiences and creating new markets. Whether you're a bank, a drug maker, an automaker, or a retailer, survival in today's application economy depends on your ability to innovate.

Organizations are fundamentally changing how they build and deliver software to the market. They are shifting from waterfall releases once per quarter to continuous deployments happening dozens of times a day. Nowadays, innovation is king, speed is critical, and more than ever, organizations need strong governance and policy enforcement underpinning every phase of their software supply chain.

At Sonatype we have a rich history of supporting open software innovation. From our humble beginning as core contributors to Apache Maven, to supporting the world's largest repository of open source components (Central), to distributing the world's most popular repository manager (Nexus), we value the power of community collaboration.

Grafeas is a terrific idea. Google, IBM, Red Hat, CoreOS, Twistlock, Aqua, jFrog, and Black Duck should be applauded for their initiative.

In keeping with our long-standing commitment to open innovation, Sonatype is excited to add unique value to the Grafeas community so organizations everywhere can automatically strengthen and secure their software supply chains early, everywhere, and at scale.

Published at DZone with permission of Brian Fox, DZone MVB. See the original article here.
