
IBM and Google Team Up to Tackle Developer Security Challenges - jcasman
https://developer.ibm.com/dwblog/2017/grafeas/
======
codetricity
The Google blog lists a number of companies that are implementing Grafeas.

[https://cloudplatform.googleblog.com/2017/10/introducing-gra...](https://cloudplatform.googleblog.com/2017/10/introducing-grafeas-open-source-api-.html)

The GitHub repository is here.
[https://github.com/Grafeas/Grafeas](https://github.com/Grafeas/Grafeas)

The GitHub README.md has the most concise description of Grafeas, which is a
metadata API specification. It further explains note and occurrence. I think
that reading through the README.md of the Grafeas project first might help to
understand the blogs by Google and IBM.

[https://github.com/Grafeas/Grafeas/blob/master/README.md](https://github.com/Grafeas/Grafeas/blob/master/README.md)

When can I use this as part of the IBM Cloud? Any speculation? Can I use it on
the Google Cloud? It seems like Black Duck is integrating it with the Google
Cloud: [https://blog.blackducksoftware.com/black-duck-google-grafeas](https://blog.blackducksoftware.com/black-duck-google-grafeas)

Or, do I need to install this myself?

~~~
danberg
Thank you for your interest in Grafeas and the IBM Cloud.

Yes, we do have plans to integrate Grafeas and Kritis with the IBM Cloud
Container Service as well as extend Grafeas with security services such as
Vulnerability Advisor. Timing TBD. Until that time, I expect that the
grafeas.io site will eventually have instructions to install and run Grafeas
locally or within various cloud providers.

\- Dan

~~~
codetricity
@danberg, thanks for the information. If you have any updates, please post
them here.

It looks like the README.md for Grafeas was updated a few times in the last
few days.

[https://github.com/Grafeas/Grafeas/commits/master/README.md](https://github.com/Grafeas/Grafeas/commits/master/README.md)

This section of the README.md is interesting:

TODO:Document the process for adding a new kind to the spec and generating the
model, documents, and client libraries to include that kind. #38

Hopefully, these types of things will be fully explained when we see companies
like IBM commercialize Grafeas and offer it as a service.

------
codetricity
I just saw this TechCrunch article on the topic by Frederic Lardinois
[https://techcrunch.com/2017/10/12/google-ibm-and-others-laun...](https://techcrunch.com/2017/10/12/google-ibm-and-others-launch-new-open-source-api-for-keeping-tabs-on-software-supply-chains/?ncid=mobilenavtrend)

