Você está visualizando o site de uma EDIÇÃO PASSADA do QCon.

Palestra: Software Supply Chain Management with Grafeas and Kritis

Track: Atingindo Todo o Potencial de Containers

Sala: 4 São Francisco

Horário: 4:05pm - 4:50pm

Dia da semana: Quarta-feira

Slides: Download Slides

Apresentação em Inglês

Share this on:

This presentation is now available to view on InfoQ.com

Assista a palestra com transcrição


Software Supply Chain is a collective term used to describe the continuous integration and delivery pipelines. In addition, it refers to the observability tools that track what happens to a piece of code from the moment it’s in the source code to when it gets deployed, and everywhere in between. Grafeas is an open-source artifact metadata API to audit and govern your software supply chain. It's built as an industry standard for storing and retrieving metadata about software resources. Kritis is an open-source solution for securing your software supply chain for Kubernetes applications. It enforces deploy-time security policies using Grafeas.

This talk will discuss the goals for each of the two open source projects, dive into the examples of how they can be used to secure your company's software supply chain, and conclude with the details of current and future development.

Palestrante: Aysylu Greenberg

Senior Software Engineer @Google

Aysylu Greenberg is a Sr Software Engineer at Google working on infrastructure. In her spare time, she ponders the design of systems that deal with inaccuracies, enthusiastically reads CS research papers, and dances.

Find Aysylu Greenberg at

Tracks 2019