Daniel Ståhl
Nov 13, 2017, 2:58:18 AM11/13/17
to Eiffel Community
A colleague just pinged me regarding Grafeas, a new software supply chain traceability initiative by JFrog and Google. The documentation is rather scarce at this point, but much of what I've seen appears rather Eiffel-ish. There's an upcoming webinar you might want to attend: https://leap.jfrog.com/WN2017-ImplementingaSingleSourceofTruthinaHybridCloudWorld_RegistrationPage.html
I'll definitely try to watch it.
Daniel
I'll definitely try to watch it.
Daniel
Bue Petersen
Nov 16, 2017, 8:09:32 AM11/16/17
to Eiffel Community
I attended the webinar and have shortly looked into Grafeas.
It seems to me they are tracking binaries only, and concerned much with vulnerabilities and keeping track of what is running in production or can or can not be deployed based on policies.
So maybe it is a good supplement to Eiffel when we at one point in our trace have a binary like a container image, a jar file, NuGet package etc.
But currently I don't see it replaces the purpose of Eiffel, though Grafeas could also be extended.
Did other see the webinar or looked closer at grafeas? How do you see it?
.Bue
It seems to me they are tracking binaries only, and concerned much with vulnerabilities and keeping track of what is running in production or can or can not be deployed based on policies.
So maybe it is a good supplement to Eiffel when we at one point in our trace have a binary like a container image, a jar file, NuGet package etc.
But currently I don't see it replaces the purpose of Eiffel, though Grafeas could also be extended.
Did other see the webinar or looked closer at grafeas? How do you see it?
.Bue
Daniel Ståhl
Nov 16, 2017, 8:22:43 AM11/16/17
to Eiffel Community
Hi,
Yes, I watched the recording of the webinar.
I think it's interesting, and it's a confirmation that the need for traceability and a self-documenting pipeline is only growing in importance. More and more organizations are becoming aware of it.
Similar to your reflection, Bue, I find that they essentially focus on one of the use cases for Eiffel. More or less what they describe is one of the things we use Eiffel for, but what we're doing with Eiffel is try to create an information model that addresses more or less any use case. That being said, they have some nice tool integrations on display.
I've reached out to the people who held the webinar. Let's see if we can get a dialog going.
Daniel
Yes, I watched the recording of the webinar.
I think it's interesting, and it's a confirmation that the need for traceability and a self-documenting pipeline is only growing in importance. More and more organizations are becoming aware of it.
Similar to your reflection, Bue, I find that they essentially focus on one of the use cases for Eiffel. More or less what they describe is one of the things we use Eiffel for, but what we're doing with Eiffel is try to create an information model that addresses more or less any use case. That being said, they have some nice tool integrations on display.
I've reached out to the people who held the webinar. Let's see if we can get a dialog going.
Daniel
Reply all
Reply to author
Forward
0 new messages