IBM and Google have also outlined future plans for enhancing container security together.
Google’s Grafeas Project is set to be enhanced by an IBM security tool as the pair collaborates to tackle container security weakpoints.
The Grafeas Project is a Google Cloud API designed to audit and govern supply chains, and it will be implemented with the Vulnerability Advisor tool from IBM.
Vulnerability Advisor is a container scanning tool that is a component of the company’s container service on the IBM Cloud. The tool is able to locate weak software configurations by scanning container images, ultimately leading to a risk report.
By harnessing the Grafeas Project API, Google and IBM intend to be able to ascertain who has built software, heightening security.
This process of keeping tabs on software origins has become increasingly challenging, as software development has become more distributed and a great deal faster.
Jason McGee, VP, IBM Cloud Platform, said: “Containers and microservices are changing the way software is built and deployed. Large monoliths are being replaced with dozens or hundreds of microservices. Quarterly updates are being replaced with continuous deployments happening dozens of times a day. Servers that you love and maintain are switched for ephemeral containers that are constantly replaced.”
Standing firmly behind the notion of collaboration and open community for enhanced security, the team has further plans to use the open API provided by Grafeas to collect dynamic metadata. This capability would open up the ability for organisations to ensure policy compliance across a wide set of software development teams.
Another project planned by the duo is an addition to Grafeas called Kritis, a feature which will empower organisations to implement Kubernetes governance policies. This initiative is intended to provide enforcement, which combined with the mass of metadata harnessed via Grafeas, visibility should be achieved without distrupting development teams.