Interested in Dev/Contributing to GUAC?
lumjjb opened this issue · comments
Welcome! This thread is on expressing interest in contributing to GUAC! We are glad to welcome our fellow open source contributors! As the project is starting up, we will be creating issues that folks can pick up and work on. In the meantime, as the code base is forming up, we'd like to engage directly with our contributors!
BTW we now have a slack channel: https://openssf.slack.com/archives/C03U677QD46
If you are interested in contributing, it would be very helpful to provide the following details (copy and paste into your comment):
1. I am interested in contributing to:
- [ ] Development
- [ ] Documentation
- [ ] Issue triage and community
- [ ] Technical advisory (review [governance document](https://github.com/artifact-ff/artifact-ff/blob/main/GOVERNANCE.md#technical-advisory-members))
2. I am here because:
- [ ] Personal interest
- [ ] My company/orgs i work with are interested in this
3. What is your associated company/org if you're contributing in their capacity? _________
4. Depending on how things go, I may be interested in becoming a maintainer of the project
- [ ] Yes
5. (optional) I have expertise in:
- [ ] Neo4j
- [ ] Cypher
- [ ] GraphQL
- [ ] Intoto
- [ ] SPDX
- [ ] CycloneDX
- [ ] Others (fill in):
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity?
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in): Grype, Syft, Trivy, OSV data formats, Golang
Note: my company may be interested in the project and me contributing in their capacity, so I'll update this note if they approve that work
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs I work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________ -
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- Maybe. Would be interested to stick with it so I can learn more about supply chain security 😃
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL (somewhat)
- Intoto
- SPDX
- CycloneDX
- Others (fill in): HTML, CSS, JavaScript, Node.js, React, SQL. Open to expand my contribution/learning if more work is needed in any area of this project
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (java, spring boot, mySql, mongodb, redis, golang, xml, json, rabbitmq, activemq, gcp):
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _Intel
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in):
btw we have a slack channel now! https://openssf.slack.com/archives/C03U677QD46 come join
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? ...stay tuned.
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in):
- cncf/landscape-graph
- cncf/tag-observability
- k8s, linkerd, operators, streaming, ci, gitops, dataThings, STRIDE, pride, compliance, ...
- Cirrus, Nimbostratus, Cumulonimbus, Stratocumulus, Mammatus, Orographic, Lenticular, and Contrails.
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in): Grype, Syft, Trivy, testing, CI
Note: my company may be interested in the project and me contributing in their capacity, so I'll update this note if they approve that work.
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in):
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? https://haiphen.io__
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in): ml, nlp, BERT, inductive GNN
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
- Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in):
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in):
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? N/A
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in):
We designed and implemented a similar Security Graph Language (SGL) @sourceclear.
The work was presented at IEEE SecDev 2018:
SGL Slides
SGL Paper
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in): Python
- I am interested in contributing to:
- Development
- [x ] Documentation
- [x ] Issue triage and community
- [x ] Technical advisory (review governance document)
- I am here because:
- [x ] Personal interest
- [x ] My company/orgs I work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Intel_______
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [x ] Yes
- [x ] Co-Maintainer
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- [x ] Others (fill in):
- [x ] Policy
- [x ] Policy Shifted Left
- [x ] SDLC Requirements
- [x ] Risk Management
- [x ] Compliance through SDLC
- [x ] NIST 800-218
- [x ] Smart aggregation turning data into meaning
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity?
Morphysm -
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Go
- CodeQL
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in): Python, C#, C++, HTML, PHP, MSSQL, Oracle, TypeScript, NodeJs, Bash, Batch, PowerShell
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? FannieMae
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in): Java, TypeScript, Python, Bash
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in): Go, Rust, C/C++, JS, TS, Ruby, Bash, Python, WASM, HTML/CSS, SQL
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Crash Override
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j (familiarity)
- Cypher (familiarity)
- GraphQL (familiarity)
- Intoto
- SPDX
- CycloneDX (familiarity)
- Others (fill in): Python, Golang, C, LLVM, GCC, JS, TS, Bash, Python, HTML/CSS, SQL
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _NA
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Developer Advocacy
- Platform Enabler
- Programming Distributed Systems & Design Internals
- Best practices, recommendations for cloud native applications for good.
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? eBay
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in):
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs I work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Seiso - cloud native security consulting. https:/sei.so
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto (user)
- SPDX
- CycloneDX
- Others (fill in): Policy [as code], compliance automation, TAG-Security Controls, being pedantic
- I am interested in contributing to:
- [ x ] Development
- [ x ] Documentation
- [ ] Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- [ X ] Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- [ X ] Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- [ X ] CycloneDX
- Others (fill in):
- I am interested in contributing to:
- Development
- [X ] Documentation
- [ X] Issue triage and community
- [ X] Technical advisory (review governance document)
- I am here because:
- [ X] Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [X ] Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- [X ] Others (fill in): Python, Compliance, FedRAMP,
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Intuit
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in): Snyk, Artifactory
As one final note, my team is building an application that is much in the same vein as yours. We have a fairly mature project for modeling the infrastructure side. We are beginning to build new features around ingesting SBOM data and artifacts.
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in): NIST 800-218, 800-161, SAMM, Secure SDLC, Third party risk, Product Security
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Raft
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in):
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in): Iac, Policy, Compliance, Python, Ascii Doc
Hi all! Thanks for expressing interest, we will probably be starting a series of community meetings soon! Information will be put here when they start - stay tuned! In the meantime, thanks for joining us!
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in): development in general (Java, Go, Python), secure development, supply chain security
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Deutsche Bank
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in):
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in):
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? LunaSec
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in): graph based vulnerability management databases, golang
LunaSec's LunaTrace project produces SBOM and VEX documents that could be consumed by the graph. LunaTrace is similar to GUAC in that it uses a graph data structure to reason about dependencies.
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in):
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in): SLSA Framework, CUElang
btw we have a slack channel now! https://openssf.slack.com/archives/C03U677QD46 come join
could you please share another link ? I´m not able to join to this channel :(
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity?
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in):
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Not Applicable_____
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in):
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Not Applicable
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in):
Hi All! We are having our first community meeting next week! Looking forward to meeting everyone!!
Google Meet link: meet.google.com/zpf-pfkj-ywd
@cpendery @shafeeshafee @Jhooomn @nadgowdas @halcyondude @desenna @QAInsights @JudeSafo @danielhaim1 @scpli3 @codelion @anthonyharrison @sallienewton @GreyXor @cepix1234 @rvema @ran-dall @nettrino @ralav @justinabrahms @JonZeolla @tixu @raj-andy1 @zprobst @raj-riskone @apmarshall @rjain15 @s-spindler @peter-thomas-db @AndrzejRPiotrowski @ajvpot @Siddhant-K-code @ryancraig @robh-snyk @KumarAbhishekShahi @gth999
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in):
What date and time? FYI: Unable to join the slack channel thus far.
…
Monday, 12th of December, 8 am Pacific Time, 11 am East Coast time
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Freelancer
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in): Nmap GSoC, Trivy Operator, Kubectl krew plugins, Damn Vulnerable Bank, containers-from-scratch, sigstore-the-easy-way, Golang, & many more. I'm willing to learn more whenever required.
Blog - https://blog.rewanthtammana.com/
Portfolio - https://rewanthtammana.com/
@JudeSafo here's the meet link: meet.google.com/zpf-pfkj-ywd
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Trendyol
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in): Golang, Sigstore, SBOM, Tekton, Tekton Chains, SPIFFE, cosign, ko, Docker Buildx, Buildpacks, Kyverno, Flux, Helm, regclient, zot, OCI, Vault
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Trendyol
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in): golang, sigstore, oci, sbom, slsa, and many more
Recording from the inaugural GUAC community meeting on 12 Dec (https://drive.google.com/file/d/1u1O6RSYeZT2w6u9jxeSj9X9Z1uqtD1Vn/view)
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Yahoo
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in): golang, sbom, syft
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in): SBOM
The distributed energy grid might be able to use this so I'd like to get involved. Two questions:
- do I need to be a member of OpenSSF to join the Slack channel?
- what/who is going to host the database that stores all this data?
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Lumian.org and SunSpec.org
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- [x ] Others (fill in): distributed energy, Web3, smart contracts, solidity,
Hi fellow GUAC community members!
We have some exciting updates and announcements for the GUAC project!
Community Updates!
- We are having our next community meeting on 16 February! This will be a monthly recurring meeting! Calendar Invite here (located under Communication in README)
- We created a community mailing list! (located under Communication in README)
GUAC Beta v0.1
- We have a GUAC Beta v0.1 planned coming up. Besides a deployable services, this also marks a milestone in the development of a GraphQL which will eventually mature to the v1.0 API. The GUAC Beta is planned for end of March.
- We had the first maintainer summit since the initial formation of the project. The focus of the workshop was to discuss and get consensus on the open issues/design docs, as well as get some clarity around the proposed GUAC Beta v0.1. The summit notes are made available here (located under Additional References in README).
Lots of changes coming! Including some breaking ones!
- During this transition to the new API, there will be a LOT of code refactors and breaking changes within the next 3 months of project development.
- To ensure that folks can still try out the initial POC, we have created a tag for v0.0.1 to pin to the demo.
- We understand that this will impact contributors that want to contribute code to the project, since there are many moving pieces during this time, there is a chance that certain files within will be refactored or deprecated. For those wanting to contribute, we encourage discussing with a maintainer through issues or slack about the topic first before picking up an issue or opening a PR!
Cheers
GUAC Maintainers
do I need to be a member of OpenSSF to join the Slack channel?
no, anyone can join it.
what/who is going to host the database that stores all this data?
for the attestations and the blob themselves this would be from the repo/storage that they reside in. For the graph DB, currently, we store the linkage and metadata in neo4j. However, this backend is extensible.
In terms of document storage, we have chatted about potentially have a collector that handles this for you (e.g. if you point it to a http endpoint, it will keep a copy of the documents it collects), and these are exposed through the SourceInformation
field within the nodes/edges.
Would you mind creating a separate issue if you'd like further expansion so it will be better searchable! Thanks!
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Red Hat
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (fill in): Rust, Kubernetes, Containers, Java, Community building
- I am interested in contributing to:
- Development
- Documentation
- Issue triage and community
- Technical advisory (review governance document)
- I am here because:
- Personal interest
- My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- Yes
- (optional) I have expertise in:
- Neo4j
- Cypher
- GraphQL
- Intoto
- SPDX
- CycloneDX
- Others (golang):
Hello everyone! Please join our slack channel: https://openssf.slack.com/archives/C03U677QD46. If you are interested or looking to contribute and can't find an issue to work on, please reach out to us and we will be happy to point you to issues that need tackling!
Hi all! Now that we are close to our GUAC v0.1 beta launch (in a few weeks). Part of that is closing this issue! And pointing everyone over to the new contributing page that we've updated and fleshed out! So please do take a look there!
We have additional information on how to contribute and also a contributor ladder as well!