Skip to content

drewboswell/grafeas

 
 

Repository files navigation

Grafeas: A Component Metadata API

Grafeas logo

Grafeas ("scribe" in Greek) is an open-source artifact metadata API that provides a uniform way to audit and govern your software supply chain. Grafeas defines an API spec for managing metadata about software resources, such as container images, Virtual Machine (VM) images, JAR files, and scripts. You can use Grafeas to define and aggregate information about your project's components. Grafeas provides organizations with a central source of truth for tracking and enforcing policies across an ever growing set of software development teams and pipelines. Build, auditing, and compliance tools can use the Grafeas API to store, query, and retrieve comprehensive metadata on software components of all kinds.

Grafeas divides the metadata information into notes and occurrences. Notes are high-level descriptions of particular types of metadata. Occurrences are instantiations of notes, which describe how and when a given note occurs on the resource associated with the occurrence. This division allows third-party metadata providers to create and manage metadata on behalf of many customers. It also allows for fine-grained access control of different types of metadata.

Getting Started

Support

If you have questions, reach out to us on grafeas-users. For questions about contributing, please see the section below or use grafeas-dev.

Grafeas announcements will be posted to its @grafeasio Twitter account and to grafeas-users.

Contributing

See CONTRIBUTING for details on how you can contribute.

See DEVELOPMENT for details on the development and testing workflow.

License

Grafeas is under the Apache 2.0 license. See the LICENSE file for details.

About

Artifact Metadata API

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 97.8%
  • ANTLR 1.2%
  • Other 1.0%