Add GUAC support

[PradyumnaKrishna]

Description Graph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high fidelity graph database—normalizing entity identities and mapping standard relationships between them. This issues aims to add GUAC support, enable in-toto to parse, query and retrieve attestations from the knowledge graph. Enable querying GUAC with a PURL (Package URL) and retrieve all relevant attestations for a specific artifact.

[axif0]

Hello @PradyumnaKrishna, I am interested to contribute in this issue.

I have few questions - How do you envision the integration of GUAC support into in-toto? Will there be modifications to the existing codebase to support parsing, querying, and retrieving attestations from the GUAC knowledge graph?

[alanssitis]

@PradyumnaKrishna, it feels a bit fishy to add attestation retrieval functionality to a prototyping repo. I expect this repo's functionality to be adopted in other in-toto implementations when we accept ITE-11.

[PradyumnaKrishna]

@PradyumnaKrishna, it feels a bit fishy to add attestation retrieval functionality to a prototyping repo. I expect this repo's functionality to be adopted in other in-toto implementations when we accept ITE-11.

This issue is for GSoC project, and @SantiagoTorres suggested to work on this here. I believe this will merge it with in-toto golang sometime in future.

[alanssitis]

I think there's some interest in https://github.com/in-toto/witness for using the features in this repo, so feel free to look there, too!

[navin772]

@PradyumnaKrishna I came across this project from LFX, are there any pre-tasks?

[angad-singhh]

Hey @PradyumnaKrishna, I am interested in working on this project under the LFX mentorship, please do share any resources to get started with or any pre tasks to perform.

Meanwhile i will try to research on my own what i am expected to perform in this project and will joining the community for further communication.

[Acuspeedster]

Hello @PradyumnaKrishna , I am willing to work on this issue under LFX mentorship, can you please provide steps to proceed?

[abhinavm13]

Hello @PradyumnaKrishna , I have applied to be a part of this project through LFX, and am very eager to contribute. I am looking forward to your guidance and mentorship.

[literalEval]

Hey @PradyumnaKrishna Can you please point out to the pretest needed for this project ?

Thanks.

[pandeyyyy]

Hey @PradyumnaKrishna came here through LFX, looking forward to contribute and learn under your guidance

[pandeyyyy]

any updates on result?