Open PradyumnaKrishna opened 6 months ago
Hello @PradyumnaKrishna, I am interested to contribute in this issue.
I have few questions - How do you envision the integration of GUAC support into in-toto? Will there be modifications to the existing codebase to support parsing, querying, and retrieving attestations from the GUAC knowledge graph?
@PradyumnaKrishna, it feels a bit fishy to add attestation retrieval functionality to a prototyping repo. I expect this repo's functionality to be adopted in other in-toto implementations when we accept ITE-11.
@PradyumnaKrishna, it feels a bit fishy to add attestation retrieval functionality to a prototyping repo. I expect this repo's functionality to be adopted in other in-toto implementations when we accept ITE-11.
This issue is for GSoC project, and @SantiagoTorres suggested to work on this here. I believe this will merge it with in-toto golang sometime in future.
I think there's some interest in https://github.com/in-toto/witness for using the features in this repo, so feel free to look there, too!
@PradyumnaKrishna I came across this project from LFX, are there any pre-tasks?
Hey @PradyumnaKrishna, I am interested in working on this project under the LFX mentorship, please do share any resources to get started with or any pre tasks to perform.
Meanwhile i will try to research on my own what i am expected to perform in this project and will joining the community for further communication.
Hello @PradyumnaKrishna , I am willing to work on this issue under LFX mentorship, can you please provide steps to proceed?
Hello @PradyumnaKrishna , I have applied to be a part of this project through LFX, and am very eager to contribute. I am looking forward to your guidance and mentorship.
Hey @PradyumnaKrishna Can you please point out to the pretest needed for this project ?
Thanks.
Hey @PradyumnaKrishna came here through LFX, looking forward to contribute and learn under your guidance
any updates on result?
Description Graph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high fidelity graph database—normalizing entity identities and mapping standard relationships between them. This issues aims to add GUAC support, enable in-toto to parse, query and retrieve attestations from the knowledge graph. Enable querying GUAC with a PURL (Package URL) and retrieve all relevant attestations for a specific artifact.