Metadata for software supply chain
Software supply chains can be described as distinct stages in the software lifecycle, including but not limited to: source, build, test, static analysis (e.g. compliance, vulnerabilities), deploy, and production monitoring. Grafeas provides a canonical representation of the metadata for each of these stages. Where industry-standard formats exist, they determine the details of each stage's representation. For example, Compliance metadata can represent CIS benchmarks and can easily be extended to other types of industry compliance benchmarks.

New metadata types and providers can be added easily as your software supply chain grows and evolves, and metadata from the different tools used across the stages of the software development lifecycle can be brought in for analysis.