Interested in Dev/Contributing to GUAC? #1

lumjjb · 2022-08-03T19:03:27Z

Welcome! This thread is on expressing interest in contributing to GUAC! We are glad to welcome our fellow open source contributors! As the project is starting up, we will be creating issues that folks can pick up and work on. In the meantime, as the code base is forming up, we'd like to engage directly with our contributors!

BTW we now have a slack channel: https://openssf.slack.com/archives/C03U677QD46

If you are interested in contributing, it would be very helpful to provide the following details (copy and paste into your comment):

1. I am interested in contributing to:
- [ ] Development
- [ ] Documentation
- [ ] Issue triage and community
- [ ] Technical advisory (review [governance document](https://github.com/artifact-ff/artifact-ff/blob/main/GOVERNANCE.md#technical-advisory-members))

2. I am here because:
- [ ] Personal interest
- [ ] My company/orgs i work with are interested in this

3. What is your associated company/org if you're contributing in their capacity? _________

4. Depending on how things go, I may be interested in becoming a maintainer of the project
- [ ] Yes

5. (optional) I have expertise in:
- [ ] Neo4j
- [ ] Cypher
- [ ] GraphQL
- [ ] Intoto
- [ ] SPDX
- [ ] CycloneDX
- [ ] Others (fill in):

The text was updated successfully, but these errors were encountered:

cpendery · 2022-08-04T17:03:19Z

shafeeshafee · 2022-08-05T10:50:05Z

Jhooomn · 2022-08-05T20:29:28Z

nadgowdas · 2022-08-17T14:01:40Z

lumjjb · 2022-08-19T14:59:53Z

btw we have a slack channel now! https://openssf.slack.com/archives/C03U677QD46 come join

halcyondude · 2022-08-19T20:43:14Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? ...stay tuned.
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

desenna · 2022-09-30T03:59:16Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? _________
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

Note: my company may be interested in the project and me contributing in their capacity, so I'll update this note if they approve that work.

QAInsights · 2022-10-20T18:23:11Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? _________
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

JudeSafo · 2022-10-21T20:28:45Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? https://haiphen.io__
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

danielhaim1 · 2022-10-22T06:01:02Z

scpli3 · 2022-10-22T12:55:13Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? _________
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

codelion · 2022-10-23T11:01:28Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? N/A
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

Neo4j
Cypher
GraphQL
Intoto
SPDX
CycloneDX
Others (fill in):
We designed and implemented a similar Security Graph Language (SGL) @sourceclear.
The work was presented at IEEE SecDev 2018:
SGL Slides
SGL Paper

anthonyharrison · 2022-10-23T13:51:13Z

sallienewton · 2022-10-23T17:26:42Z

I am interested in contributing to:

Development
[x ] Documentation
[x ] Issue triage and community
[x ] Technical advisory (review governance document)

I am here because:

[x ] Personal interest
[x ] My company/orgs I work with are interested in this

What is your associated company/org if you're contributing in their capacity? Intel_______
Depending on how things go, I may be interested in becoming a maintainer of the project

[x ] Yes
[x ] Co-Maintainer

(optional) I have expertise in:

Neo4j
Cypher
GraphQL
Intoto
SPDX
CycloneDX
[x ] Others (fill in):
[x ] Policy
[x ] Policy Shifted Left
[x ] SDLC Requirements
[x ] Risk Management
[x ] Compliance through SDLC
[x ] NIST 800-218
[x ] Smart aggregation turning data into meaning

GreyXor · 2022-10-24T13:43:11Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity?
Morphysm
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

cepix1234 · 2022-10-24T15:37:18Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? _________
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

rvema · 2022-10-24T17:17:14Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? FannieMae
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

ran-dall · 2022-10-25T16:58:13Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? _________
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

nettrino · 2022-10-26T18:52:57Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? Crash Override
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

mraipsec-mra · 2022-10-27T00:28:46Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? _NA
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

justinabrahms · 2022-10-27T15:33:44Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? eBay
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

JonZeolla · 2022-10-27T15:53:34Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs I work with are interested in this

What is your associated company/org if you're contributing in their capacity? Seiso - cloud native security consulting. https:/sei.so
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

tixu · 2022-10-31T08:46:41Z

I am interested in contributing to:

[ x ] Development
[ x ] Documentation
[ ] Issue triage and community
Technical advisory (review governance document)

I am here because:

[ X ] Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? _________
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

raj-andy1 · 2022-10-31T17:01:24Z

I am interested in contributing to:

Development
[X ] Documentation
[ X] Issue triage and community
[ X] Technical advisory (review governance document)

I am here because:

[ X] Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? _________
Depending on how things go, I may be interested in becoming a maintainer of the project

[X ] Yes

(optional) I have expertise in:

ryancraig · 2022-11-15T00:38:20Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? _________
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

Jhooomn · 2022-11-15T02:09:55Z

btw we have a slack channel now! https://openssf.slack.com/archives/C03U677QD46 come join

could you please share another link ? I´m not able to join to this channel :(

robh-snyk · 2022-11-22T18:16:17Z

KumarAbhishekShahi · 2022-11-23T07:19:53Z

gth999 · 2022-11-27T21:37:15Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? Not Applicable
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

lumjjb · 2022-12-07T00:27:01Z

Hi All! We are having our first community meeting next week! Looking forward to meeting everyone!!

https://calendar.google.com/calendar/event?action=TEMPLATE&tmeid=MWc4aDR2cG80dXIyMmRkM[…]7576484474ebefce57c47d1eaeb02d6%40group.calendar.google.com

Google Meet link: meet.google.com/zpf-pfkj-ywd

@cpendery @shafeeshafee @Jhooomn @nadgowdas @halcyondude @desenna @QAInsights @JudeSafo @danielhaim1 @scpli3 @codelion @anthonyharrison @sallienewton @GreyXor @cepix1234 @rvema @ran-dall @nettrino @ralav @justinabrahms @JonZeolla @tixu @raj-andy1 @zprobst @raj-riskone @apmarshall @rjain15 @s-spindler @peter-thomas-db @AndrzejRPiotrowski @ajvpot @Siddhant-K-code @ryancraig @robh-snyk @KumarAbhishekShahi @gth999

JudeSafo · 2022-12-07T15:54:58Z

What date and time? FYI: Unable to join the slack channel thus far.

…

rossmcewan · 2022-12-07T16:30:43Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? _________
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

mihaimaruseac · 2022-12-07T17:26:12Z

What date and time? FYI: Unable to join the slack channel thus far.
…

Monday, 12th of December, 8 am Pacific Time, 11 am East Coast time

JudeSafo · 2022-12-12T03:09:00Z

Hi Mihai, Thanks for providing the date and time. Do you mind also providing the Google Meet link or zoom link to the meeting tomorrow? (The link provided in the original thread just pops open an empty calendar template). Sorry for the noise everyone, once I'm on the slack channel I'm sure it will be easier to communicate. On Wed, Dec 7, 2022, 12:26 PM Mihai Maruseac ***@***.***> wrote:

…

rewanthtammana · 2022-12-12T08:32:14Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? Freelancer
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

Neo4j
Cypher
GraphQL
Intoto
SPDX
CycloneDX
Others (fill in): Nmap GSoC, Trivy Operator, Kubectl krew plugins, Damn Vulnerable Bank, containers-from-scratch, sigstore-the-easy-way, Golang, & many more. I'm willing to learn more whenever required.

Blog - https://blog.rewanthtammana.com/
Portfolio - https://rewanthtammana.com/

lumjjb · 2022-12-12T08:49:38Z

@JudeSafo here's the meet link: meet.google.com/zpf-pfkj-ywd

developer-guy · 2022-12-12T18:24:38Z

Dentrax · 2022-12-13T07:48:23Z

lumjjb · 2022-12-13T12:36:53Z

Recording from the inaugural GUAC community meeting on 12 Dec (https://drive.google.com/file/d/1u1O6RSYeZT2w6u9jxeSj9X9Z1uqtD1Vn/view)

hkadakia · 2022-12-20T18:52:41Z

hosseinsia · 2022-12-22T20:55:36Z

alftom · 2023-01-05T21:45:36Z

The distributed energy grid might be able to use this so I'd like to get involved. Two questions:

do I need to be a member of OpenSSF to join the Slack channel?
what/who is going to host the database that stores all this data?

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? Lumian.org and SunSpec.org
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

lumjjb · 2023-02-02T22:14:47Z

Hi fellow GUAC community members!

We have some exciting updates and announcements for the GUAC project!

Community Updates!

We are having our next community meeting on 16 February! This will be a monthly recurring meeting! Calendar Invite here (located under Communication in README)
We created a community mailing list! (located under Communication in README)

GUAC Beta v0.1

We have a GUAC Beta v0.1 planned coming up. Besides a deployable services, this also marks a milestone in the development of a GraphQL which will eventually mature to the v1.0 API. The GUAC Beta is planned for end of March.
We had the first maintainer summit since the initial formation of the project. The focus of the workshop was to discuss and get consensus on the open issues/design docs, as well as get some clarity around the proposed GUAC Beta v0.1. The summit notes are made available here (located under Additional References in README).

Lots of changes coming! Including some breaking ones!

During this transition to the new API, there will be a LOT of code refactors and breaking changes within the next 3 months of project development.
To ensure that folks can still try out the initial POC, we have created a tag for v0.0.1 to pin to the demo.
We understand that this will impact contributors that want to contribute code to the project, since there are many moving pieces during this time, there is a chance that certain files within will be refactored or deprecated. For those wanting to contribute, we encourage discussing with a maintainer through issues or slack about the topic first before picking up an issue or opening a PR!

Cheers
GUAC Maintainers

lumjjb · 2023-02-08T16:22:35Z

@alftom

do I need to be a member of OpenSSF to join the Slack channel?

no, anyone can join it.

what/who is going to host the database that stores all this data?

for the attestations and the blob themselves this would be from the repo/storage that they reside in. For the graph DB, currently, we store the linkage and metadata in neo4j. However, this backend is extensible.

In terms of document storage, we have chatted about potentially have a collector that handles this for you (e.g. if you point it to a http endpoint, it will keep a copy of the documents it collects), and these are exposed through the SourceInformation field within the nodes/edges.

Would you mind creating a separate issue if you'd like further expansion so it will be better searchable! Thanks!

dejanb · 2023-02-13T08:48:24Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? Red Hat
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

kanchan-dhamane · 2023-03-10T12:20:19Z

I am interested in contributing to:

Development
Documentation
Issue triage and community
Technical advisory (review governance document)

I am here because:

Personal interest
My company/orgs i work with are interested in this

What is your associated company/org if you're contributing in their capacity? _________
Depending on how things go, I may be interested in becoming a maintainer of the project

Yes

(optional) I have expertise in:

pxp928 · 2023-03-10T12:28:43Z

Hello everyone! Please join our slack channel: https://openssf.slack.com/archives/C03U677QD46. If you are interested or looking to contribute and can't find an issue to work on, please reach out to us and we will be happy to point you to issues that need tackling!

lumjjb · 2023-04-28T15:35:04Z

Hi all! Now that we are close to our GUAC v0.1 beta launch (in a few weeks). Part of that is closing this issue! And pointing everyone over to the new contributing page that we've updated and fleshed out! So please do take a look there!

We have additional information on how to contribute and also a contributor ladder as well!

Ent isOccurrence progress WIP.

Signed-off-by: mrizzi <[email protected]>

* Ent - PackageVersion: added index for improving IsDependency ingestion (guacsec#1439) Signed-off-by: mrizzi <[email protected]> * Ent: Package,IsDependency concurrent bulk ingestions (guacsec#1440) Signed-off-by: mrizzi <[email protected]> * Ent - HasMetadata: fix ingesting same twice (guacsec#1392) Signed-off-by: mrizzi <[email protected]> * Ent - Vulnerability endpoints: applied concurrent approach Signed-off-by: mrizzi <[email protected]> * Ent implementation for use case guacsec#1-guacsec#2 Signed-off-by: mrizzi <[email protected]> --------- Signed-off-by: mrizzi <[email protected]>

lumjjb changed the title ~~Interested in Dev/Contributing to AFF?~~ Interested in Dev/Contributing to GUAC? Aug 17, 2022

lumjjb pinned this issue Aug 22, 2022

pxp928 unpinned this issue Aug 30, 2022

pxp928 pinned this issue Aug 30, 2022

trmiller unpinned this issue Oct 26, 2022

trmiller pinned this issue Oct 26, 2022

robh-snyk mentioned this issue Dec 1, 2022

Cannot parse CycloneDX documents with dependencies missing the "depends on" field #243

Closed

lumjjb closed this as completed Apr 28, 2023

mihaimaruseac unpinned this issue Apr 28, 2023

mrizzi pushed a commit to mrizzi/guac that referenced this issue Jun 23, 2023

Merge pull request guacsec#1 from jeffmendoza/feature/postgres-backend

ab0b5ed

Ent isOccurrence progress WIP.

mrizzi added a commit to mrizzi/guac that referenced this issue Nov 10, 2023

Ent implementation for use case guacsec#1-guacsec#2

c31fe79

Signed-off-by: mrizzi <[email protected]>

Interested in Dev/Contributing to GUAC? #1

Interested in Dev/Contributing to GUAC? #1

Comments

lumjjb commented Aug 3, 2022 • edited

cpendery commented Aug 4, 2022 • edited

shafeeshafee commented Aug 5, 2022 • edited

Jhooomn commented Aug 5, 2022 • edited

nadgowdas commented Aug 17, 2022 • edited

lumjjb commented Aug 19, 2022

halcyondude commented Aug 19, 2022 • edited

desenna commented Sep 30, 2022 • edited

QAInsights commented Oct 20, 2022

JudeSafo commented Oct 21, 2022

danielhaim1 commented Oct 22, 2022 • edited

scpli3 commented Oct 22, 2022

codelion commented Oct 23, 2022 • edited

anthonyharrison commented Oct 23, 2022 • edited

sallienewton commented Oct 23, 2022

GreyXor commented Oct 24, 2022

cepix1234 commented Oct 24, 2022

rvema commented Oct 24, 2022

ran-dall commented Oct 25, 2022

nettrino commented Oct 26, 2022 • edited

mraipsec-mra commented Oct 27, 2022 • edited

justinabrahms commented Oct 27, 2022

JonZeolla commented Oct 27, 2022 • edited

tixu commented Oct 31, 2022

raj-andy1 commented Oct 31, 2022

ryancraig commented Nov 15, 2022

Jhooomn commented Nov 15, 2022

robh-snyk commented Nov 22, 2022 • edited

KumarAbhishekShahi commented Nov 23, 2022 • edited

gth999 commented Nov 27, 2022

lumjjb commented Dec 7, 2022 • edited

JudeSafo commented Dec 7, 2022 via email

rossmcewan commented Dec 7, 2022

mihaimaruseac commented Dec 7, 2022 • edited

JudeSafo commented Dec 12, 2022 via email

rewanthtammana commented Dec 12, 2022

lumjjb commented Dec 12, 2022

developer-guy commented Dec 12, 2022

Dentrax commented Dec 13, 2022 • edited

lumjjb commented Dec 13, 2022

hkadakia commented Dec 20, 2022 • edited

hosseinsia commented Dec 22, 2022 • edited

alftom commented Jan 5, 2023

lumjjb commented Feb 2, 2023 • edited

lumjjb commented Feb 8, 2023

dejanb commented Feb 13, 2023

kanchan-dhamane commented Mar 10, 2023

pxp928 commented Mar 10, 2023

lumjjb commented Apr 28, 2023

lumjjb commented Aug 3, 2022 •

edited

cpendery commented Aug 4, 2022 •

edited

shafeeshafee commented Aug 5, 2022 •

edited

Jhooomn commented Aug 5, 2022 •

edited

nadgowdas commented Aug 17, 2022 •

edited

halcyondude commented Aug 19, 2022 •

edited

desenna commented Sep 30, 2022 •

edited

danielhaim1 commented Oct 22, 2022 •

edited

codelion commented Oct 23, 2022 •

edited

anthonyharrison commented Oct 23, 2022 •

edited

nettrino commented Oct 26, 2022 •

edited

mraipsec-mra commented Oct 27, 2022 •

edited

JonZeolla commented Oct 27, 2022 •

edited

robh-snyk commented Nov 22, 2022 •

edited

KumarAbhishekShahi commented Nov 23, 2022 •

edited

lumjjb commented Dec 7, 2022 •

edited

mihaimaruseac commented Dec 7, 2022 •

edited

Dentrax commented Dec 13, 2022 •

edited

hkadakia commented Dec 20, 2022 •

edited

hosseinsia commented Dec 22, 2022 •

edited

lumjjb commented Feb 2, 2023 •

edited