hown3d
commented
10 hours ago Thanks for opening an issue on this topic!
From my undestandment there is not THE VEX hub. I've seen VEX hub from aqua and VEX hub from rancher. I think the certifier should conform to the VEX Repo Spec.
Another question in place is how the certifier would discover those repositories. I guess a configuration option?
Is your feature request related to a problem? Please describe.
This was mentioned by Lukas Hoehl in Slack. VEX statements aren't always easy to find. VEX Hub automatically collects VEX statements and makes them easily discoverable.
Describe the solution you'd like A certifier that queries VEX Hub for VEX statements affecting pURLs found in GUAC data.
Describe alternatives you've considered Directly incorporating vexhub-crawler or similar into GUAC to fetch the VEX statements directly.
Additional context This was the subject of a conversation at KubeCon today. It should be relatively simple to create a certifier for this, it "just" needs someone with the time to write the code.