In a recent Google Cloud Platform (GCP) blog series exploring container security the GCP team have presented further details of an existing and proposed open source software supply chain project. First, Grafeas is a common API and language to store, query and retrieve metadata about software components such as build details, test status, and known security issues.

Read full news article on InfoQ