Containers are becoming a new way for organizations to maximize their cloud investment and resources, but are also expanding the amount of data within those cloud deployments. That’s great for innovation, but pity the poor soul that needs to track all of that data.
Working with a handful of partners, Google launched the Grafeas project, which was established to provide an application programming interface (API) for auditing and governance of the software supply chain.
An organization’s build, auditing, and compliance tools can use the standardized Grafeas API to store, query, and retrieve metadata on software components within their software pipeline. This standardized approach is designed to ease the use of automated processes for adding and retrieving data from software repositories.
Grafeas can access data across cloud deployment models, and includes strict control over access rights.
Companies involved in the project launch include JFrog, Red Hat, IBM, Black Duck, Twistlock, Aqua Security, and CoreOS. All of the partners are either implementing Grafeas into products or evaluating such a move. More partners are expected to be added to the project beginning early next year.
The security companies that are part of the group noted that Grafeas’ ability to see what’s happening inside a container deployment can allow for scanning for security vulnerabilities. Organizations can access that scan data using the Grafeas API.
Kritis for Kubernetes
The second project is a Kubernetes policy engine dubbed Kritis. The platform allows organizations to conduct real-time enforcement of container properties when a Kubernetes-based cluster is being deployed.
Enforcement policies are based on proof of container image properties that are stored in Grafeas. This allows organizations to weed out potential vulnerabilities in images to be used in a container.
Kritis can be implemented by using a Google plugin that connects the platform to Kubernetes.
Jason McGee, vice president for IBM’s Cloud Platform, described Kritis as a “real-time enforcement chokepoint at the container deploy time for Kubernetes clusters, and demonstrates how to build strong governance tools with Grafeas as the foundation.”
The latest projects join recent platform launches designed to better manage container deployments.
As an example, Oracle launched its Container Native Application Development Platform, which includes a managed Kubernetes service, a private container registry, and a container lifecycle management CI/CD service. Rancher Labs added support for Kubernetes to its container management platform.
In a recent survey conducted by SDxCentral, 55 percent of respondents who are not currently using container technology said a “lack of maturity” was the main reason for their reluctance. Twenty-seven percent noted a “lack of management and deployment tools” was holding them back, while 24 percent said they “don’t know how to scale containers yet.”