Integrate Grafeas with Armory Spinnaker
Questions about Integrations?
Make automated pipeline promotion decisions from Spinnaker pipelines based on the Grafeas metadata. Grafeas and Kritis provide a uniform and consistent way to produce and consume artifact metadata from software components with Spinnaker. The metadata is used to help developers audit their software components. Grafeas along with Spinnaker helps you automate DevSecOps decisions with your deployments.
How the Integration Works:
Use the Spinnaker Kritis stage after your application is built to determine what to do. The Kritis stage allows you to either continue the pipeline or stop it based on certain criteria. If a new vulnerability is found, the pipeline will stop with a message about needing to go back and fix your application.
Some decision examples include:
- This container has trusted origin and registry
- This container does not run as root
- This container passes CI tests
- This container was scanned by security
- This container is deployed with the appropriate security context
Automated Security Governance
Building security controls into the software delivery, based on comprehensive component metadata and security attestations protects production deployments. Make automated pipeline promotion decisions from Spinnaker pipelines based on the Grafeas metadata.
Accelerate Development Velocity
Know before your application is deployed to production that there is a critical vulnerability. This will help reduce the feedback loop, allowing you to ship better software faster.
This feature currently exists as an Armory experiment in the form of a Run Job or webhook stage. Our Professional Services Team is happy to help customers implement the solution.
If you're interested in a native integration, contact us! We'd love to hear your feedback and use case.