Add GUAC support #29

Open
PradyumnaKrishna opened this issue Mar 25, 2024 · 11 comments
Comments

@PradyumnaKrishna

Description
Graph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high-fidelity graph database, normalizing entity identities and mapping standard relationships between them. This issue aims to add GUAC support and enable in-toto to parse, query and retrieve attestations from the knowledge graph. Enable querying GUAC with a PURL (Package URL) and retrieve all relevant attestations for a specific artifact.

@axif0

axif0 commented Mar 31, 2024

Hello @PradyumnaKrishna, I am interested in contributing to this issue.

I have a few questions: How do you envision the integration of GUAC support into in-toto? Will there be modifications to the existing codebase to support parsing, querying, and retrieving attestations from the GUAC knowledge graph?

@alanssitis
Member

@PradyumnaKrishna, it feels a bit fishy to add attestation retrieval functionality to a prototyping repo. I expect this repo's functionality to be adopted in other in-toto implementations when we accept ITE-11.

@PradyumnaKrishna
Author

> @PradyumnaKrishna, it feels a bit fishy to add attestation retrieval functionality to a prototyping repo. I expect this repo's functionality to be adopted in other in-toto implementations when we accept ITE-11.

This issue is for a GSoC project, and @SantiagoTorres suggested working on this here. I believe this will merge with in-toto golang sometime in the future.

@alanssitis
Member

I think there's some interest in https://github.com/in-toto/witness for using the features in this repo, so feel free to look there, too!

@navin772

@PradyumnaKrishna I came across this project from LFX. Are there any pre-tasks?

@angad-singhh

Hey @PradyumnaKrishna, I am interested in working on this project under the LFX mentorship. Please do share any resources to get started with or any pre-tasks to perform.

Meanwhile, I will try to research on my own what I am expected to perform in this project and will be joining the community for further communication.

@Acuspeedster

Hello @PradyumnaKrishna, I am willing to work on this issue under LFX mentorship. Can you please provide steps to proceed?

@abhinavm13

Hello @PradyumnaKrishna, I have applied to be a part of this project through LFX, and am very eager to contribute. I am looking forward to your guidance and mentorship.

@literalEval

Hey @PradyumnaKrishna,
Can you please point out the pretest needed for this project?

Thanks.

@pandeyyyy

Hey @PradyumnaKrishna, came here through LFX, looking forward to contributing and learning under your guidance.

@pandeyyyy

Any updates on the result?
