View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 13, 2017

IBM and Google combine forces to tackle container security

IBM and Google have also outlined future plans for enhancing container security together.

By Tom Ball

Google’s Grafeas Project is set to be enhanced by an IBM security tool as the pair collaborates to tackle container security weakpoints.

The Grafeas Project is a Google Cloud API designed to audit and govern supply chains, and it will be implemented with the Vulnerability Advisor tool from IBM.

Vulnerability Advisor is a container scanning tool that is a component of the company’s container service on the IBM Cloud. The tool is able to locate weak software configurations by scanning container images, ultimately leading to a risk report.

By harnessing the Grafeas Project API, Google and IBM intend to be able to ascertain who has built software, heightening security.

This process of keeping tabs on software origins has become increasingly challenging, as software development has become more distributed and a great deal faster.

Jason McGee, VP, IBM Cloud Platform, said: “Containers and microservices are changing the way software is built and deployed. Large monoliths are being replaced with dozens or hundreds of microservices. Quarterly updates are being replaced with continuous deployments happening dozens of times a day. Servers that you love and maintain are switched for ephemeral containers that are constantly replaced.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester


– AR trumps VR in the eyes of Apple CEO Tim Cook


5 of the most notorious names in hacking


– Dell Technologies gambles $1bn on IoT future


Standing firmly behind the notion of collaboration and open community for enhanced security, the team has further plans to use the open API provided by Grafeas to collect dynamic metadata. This capability would open up the ability for organisations to ensure policy compliance across a wide set of software development teams.

Another project planned by the duo is an addition to Grafeas called Kritis, a feature which will empower organisations to implement Kubernetes governance policies. This initiative is intended to provide enforcement, which combined with the mass of metadata harnessed via Grafeas, visibility should be achieved without distrupting development teams.

Topics in this article : , , , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.