One Metadata to Rule Them All: Open Approach to Metadata for Better Releases
The Grafeas Project
@jbaruch @saturnism #OracleCodeOne #grafeas

The speakers: @jbaruch @saturnism

Do you Grafeas?
• Never heard about Grafeas
• Vaguely remember last year’s announcement
• Know about it, follow the news
• Use Grafeas
• I am Vincent Tsao

Grafeas what?
• API spec for managing metadata about software resources
  • Container images
  • VM images
  • JAR files
  • Scripts
• Define and aggregate information

Unified metadata
• Consume metadata from public sources
  • NVDB
  • Maven Central
• Produce metadata about private packages
  • Jenkins
  • JFrog Xray
• Combine metadata to product level
• Make decisions at runtime
  • Kritis
@jbaruch #dockercon jfrog.com/shownotes

Grafeas model
• Note
  • Vulnerability
  • License
  • QA coverage
• Occurrence
  • Instantiation of a note on an artifact

Component types
• Debian
• Docker
• Maven
• npm
• NuGet
• Python
• rpm
• Generic file

Anything beyond docs?
• Reference implementation
  • https://github.com/grafeas
• JFrog Xray
  • https://www.jfrog.com/confluence/display/XRAY/Xray+REST+API#XrayRESTAPI-GRAFEAS
• Twistlock

Q&A and Twitter aids
• @jbaruch
• @saturnism
• #OracleCodeOne
• #grafeas