菜单

本页面中的信息并不完全以您的首选语言展示,我们正在完善其他语言版本。想要以您的首选语言了解相关信息,可以点击这里下载PDF。

工具

Grafeas

NOT ON THE CURRENT EDITION
This blip is not on the current edition of the radar. If it was on one of the last few editions it is likely that it is still relevant. If the blip is older it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the radarUnderstand more
Nov 2018
评估?

We're continually on the lookout for tools and techniques that allow delivery teams to work independently from the rest of a larger organization while staying within its security and risk guardrails. Grafeas is such a tool. It lets organizations publish authoritative metadata about software artifacts—Docker images, libraries, packages—that is then accessible from build scripts or other automated compliance controls. The access control mechanisms allow for a separation of responsibility between the teams that publish approvals or vulnerabilities and the teams that build and deploy software. Although several organizations, including Google and JFrog, use Grafeas in their workflows, note that the tool is still in alpha.