Grafeas is an open-source initiative, supported by major organizations such as Google, JFrog, and Red Hat, that aims to establish a universal artifact metadata API specification. The project addresses the need for a common metadata language in the ever-evolving world of information systems and software components. Grafeas defines a metadata API spec for computing components and is built on two main concepts, "note" and "occurrence," which facilitate metadata aggregation and fine-grained access control. As more systems adopt the Grafeas format, it will become simpler to obtain a comprehensive view of an artifact's provenance, quality, and security, which in turn strengthens the security of the software delivery pipeline. The initiative is complemented by Kritis, a future Kubernetes component, currently in alpha testing at Google, that will regulate deployment permissions based on Grafeas metadata. Codefresh, a platform focused on artifact metadata, supports Grafeas by exposing pipeline metadata in the Grafeas format and has created a command-line utility, 'cf-grafeas,' to update Grafeas servers. The project currently supports certain kinds of artifact information, with plans to expand coverage and integrate with security scanners and audit engines, a promising prospect for users.
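
The note/occurrence split and a deployment decision driven by that metadata, as an added example (not code from Grafeas, Kritis, or Codefresh): a simplified in-memory model in Python. The resource-name layout, kind strings, severity levels, and the policy in `deploy_allowed` are assumptions, and all data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Note:            # describes a piece of metadata once; owned by its provider
    name: str          # assumed form: projects/<provider>/notes/<id>
    kind: str          # illustrative kind strings: "VULNERABILITY", "BUILD"
    severity: str = ""

@dataclass(frozen=True)
class Occurrence:      # one instance of a note on one artifact; owned by the consumer
    name: str          # assumed form: projects/<consumer>/occurrences/<id>
    note_name: str
    resource_uri: str

RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def summarize(uri, notes, occurrences):
    """Aggregate every provider's metadata for one artifact, grouped by kind."""
    by_name = {n.name: n for n in notes}
    view = {}
    for occ in occurrences:
        if occ.resource_uri == uri and occ.note_name in by_name:
            note = by_name[occ.note_name]
            view.setdefault(note.kind, []).append(note)
    return view

def deploy_allowed(uri, notes, occurrences, max_severity="MEDIUM"):
    """Hypothetical gate: require build provenance, cap vulnerability severity."""
    view = summarize(uri, notes, occurrences)
    if "BUILD" not in view:          # no provenance recorded: fail closed
        return False
    limit = RANK[max_severity]       # unknown severities rank 99 and are rejected
    return all(RANK.get(n.severity, 99) <= limit for n in view.get("VULNERABILITY", []))

# Constructed sample data: two providers (scanner, ci) and one consumer (team-a).
NOTES = [
    Note("projects/scanner/notes/vuln-example-low", "VULNERABILITY", "LOW"),
    Note("projects/scanner/notes/vuln-example-high", "VULNERABILITY", "HIGH"),
    Note("projects/ci/notes/pipeline-build", "BUILD"),
]
A, B, C = (f"https://registry.example/app@sha256:{d}" for d in ("aaa", "bbb", "ccc"))
OCCS = [
    Occurrence("projects/team-a/occurrences/1", NOTES[0].name, A),
    Occurrence("projects/team-a/occurrences/2", NOTES[2].name, A),
    Occurrence("projects/team-a/occurrences/3", NOTES[1].name, B),
    Occurrence("projects/team-a/occurrences/4", NOTES[2].name, B),
    Occurrence("projects/team-a/occurrences/5", NOTES[0].name, C),
]
print({u[-3:]: deploy_allowed(u, NOTES, OCCS) for u in (A, B, C)})
```

Artifact `aaa` passes, `bbb` is blocked by the high-severity finding, and `ccc` is blocked because no build occurrence was recorded for it.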