guac
guac copied to clipboard
guacsec
Interested in Dev/Contributing to GUAC?
Welcome! This thread is on expressing interest in contributing to GUAC! We are glad to welcome our fellow open source contributors! As the project is starting up, we will be creating issues that folks can pick up and work on. In the meantime, as the code base is forming up, we'd like to engage directly with our contributors!
BTW we now have a slack channel: https://openssf.slack.com/archives/C03U677QD46
If you are interested in contributing, it would be very helpful to provide the following details (copy and paste into your comment):
1. I am interested in contributing to:
- [ ] Development
- [ ] Documentation
- [ ] Issue triage and community
- [ ] Technical advisory (review [governance document](https://github.com/artifact-ff/artifact-ff/blob/main/GOVERNANCE.md#technical-advisory-members))
2. I am here because:
- [ ] Personal interest
- [ ] My company/orgs i work with are interested in this
3. What is your associated company/org if you're contributing in their capacity? _________
4. Depending on how things go, I may be interested in becoming a maintainer of the project
- [ ] Yes
5. (optional) I have expertise in:
- [ ] Neo4j
- [ ] Cypher
- [ ] GraphQL
- [ ] Intoto
- [ ] SPDX
- [ ] CycloneDX
- [ ] Others (fill in):
- I am interested in contributing to:
- [x] Development
- [x] Documentation
- [x] Issue triage and community
- [ ] Technical advisory (review governance document)
- I am here because:
- [x] Personal interest
- [ ] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity?
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [x] Yes
- (optional) I have expertise in:
- [ ] Neo4j
- [ ] Cypher
- [ ] GraphQL
- [ ] Intoto
- [ ] SPDX
- [x] CycloneDX
- [x] Others (fill in): Grype, Syft, Trivy, OSV data formats, Golang
Note: my company may be interested in the project and me contributing in their capacity, so I'll update this note if they approve that work
- I am interested in contributing to:
- [x] Development
- [x] Documentation
- [x] Issue triage and community
- [ ] Technical advisory (review governance document)
- I am here because:
- [x] Personal interest
- [ ] My company/orgs I work with are interested in this
-
~~What is your associated company/org if you're contributing in their capacity? _________~~
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [ ] Yes
- [x] Maybe. Would be interested to stick with it so I can learn more about supply chain security 😃
- (optional) I have expertise in:
- [ ] Neo4j
- [ ] Cypher
- [x] GraphQL (somewhat)
- [ ] Intoto
- [ ] SPDX
- [ ] CycloneDX
- [x] Others (fill in): HTML, CSS, JavaScript, Node.js, React, SQL. Open to expand my contribution/learning if more work is needed in any area of this project
- I am interested in contributing to:
- [X] Development
- [ ] Documentation
- [ ] Issue triage and community
- [ ] Technical advisory (review governance document)
- I am here because:
- [X] Personal interest
- [ ] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [X] Yes
- (optional) I have expertise in:
- [ ] Neo4j
- [ ] Cypher
- [ ] GraphQL
- [ ] Intoto
- [ ] SPDX
- [ ] CycloneDX
- [X] Others (java, spring boot, mySql, mongodb, redis, golang, xml, json, rabbitmq, activemq, gcp):
- I am interested in contributing to:
- [x] Development
- [x] Documentation
- [x] Issue triage and community
- [x] Technical advisory (review governance document)
- I am here because:
- [x] Personal interest
- [ ] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _Intel
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [x] Yes
- (optional) I have expertise in:
- [x] Neo4j
- [x] Cypher
- [ ] GraphQL
- [ ] Intoto
- [ ] SPDX
- [x] CycloneDX
- [ ] Others (fill in):
btw we have a slack channel now! https://openssf.slack.com/archives/C03U677QD46 come join
- I am interested in contributing to:
- [x] Development
- [x] Documentation
- [x] Issue triage and community
- [x] Technical advisory (review governance document)
- I am here because:
- [x] Personal interest
- [x] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? ...stay tuned.
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [x] Yes
- (optional) I have expertise in:
- [x] Neo4j
- [x] Cypher
- [x] GraphQL
- [ ] Intoto
- [ ] SPDX
- [ ] CycloneDX
- [x] Others (fill in):
- [x] cncf/landscape-graph
- [x] cncf/tag-observability
- [x] k8s, linkerd, operators, streaming, ci, gitops, dataThings, STRIDE, pride, compliance, ...
- [x] Cirrus, Nimbostratus, Cumulonimbus, Stratocumulus, Mammatus, Orographic, Lenticular, and Contrails.
- I am interested in contributing to:
- [x] Development
- [x] Documentation
- [x] Issue triage and community
- [x] Technical advisory (review governance document)
- I am here because:
- [x] Personal interest
- [ ] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [x] Yes
- (optional) I have expertise in:
- [ ] Neo4j
- [ ] Cypher
- [ ] GraphQL
- [ ] Intoto
- [ ] SPDX
- [x] CycloneDX
- [x] Others (fill in): Grype, Syft, Trivy, testing, CI
Note: my company may be interested in the project and me contributing in their capacity, so I'll update this note if they approve that work.
- I am interested in contributing to:
- [ ] Development
- [x] Documentation
- [x] Issue triage and community
- [x] Technical advisory (review governance document)
- I am here because:
- [x] Personal interest
- [ ] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [x] Yes
- (optional) I have expertise in:
- [x] Neo4j
- [ ] Cypher
- [ ] GraphQL
- [ ] Intoto
- [ ] SPDX
- [ ] CycloneDX
- [ ] Others (fill in):
- I am interested in contributing to:
- [X] Development
- [ ] Documentation
- [X] Issue triage and community
- [X] Technical advisory (review governance document)
- I am here because:
- [X] Personal interest
- [X] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? https://haiphen.io__
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [X] Yes
- (optional) I have expertise in:
- [X] Neo4j
- [X] Cypher
- [X] GraphQL
- [ ] Intoto
- [X] SPDX
- [ ] CycloneDX
- [X] Others (fill in): ml, nlp, BERT, inductive GNN
- I am interested in contributing to:
- [ ] Development
- [x] Documentation
- [x] Issue triage and community
- [x] Technical advisory (review governance document)
- I am here because:
- [x] Personal interest
- [ ] My company/orgs i work with are interested in this
- Depending on how things go, I may be interested in becoming a maintainer of the project
- [x] Yes
- (optional) I have expertise in:
- [x] Neo4j
- [x] Cypher
- [x] GraphQL
- [ ] Intoto
- [ ] SPDX
- [x] CycloneDX
- [ ] Others (fill in):
- I am interested in contributing to:
- [ ] Development
- [X] Documentation
- [X] Issue triage and community
- [X] Technical advisory (review governance document)
- I am here because:
- [X] Personal interest
- [ ] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [X] Yes
- (optional) I have expertise in:
- [ ] Neo4j
- [ ] Cypher
- [ ] GraphQL
- [ ] Intoto
- [ ] SPDX
- [ ] CycloneDX
- [ ] Others (fill in):
- I am interested in contributing to:
- [ ] Development
- [ ] Documentation
- [ ] Issue triage and community
- [x] Technical advisory (review governance document)
- I am here because:
- [x] Personal interest
- [ ] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? N/A
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [ ] Yes
- (optional) I have expertise in:
- [x] Neo4j
- [x] Cypher
- [ ] GraphQL
- [ ] Intoto
- [x] SPDX
- [x] CycloneDX
- [x] Others (fill in): We designed and implemented a similar Security Graph Language (SGL) @SourceClear. The work was presented at IEEE SecDev 2018: SGL Slides SGL Paper
- I am interested in contributing to:
- [x] Development
- [x] Documentation
- [x] Issue triage and community
- [x] Technical advisory (review governance document)
- I am here because:
- [x] Personal interest
- [ ] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [ ] Yes
- (optional) I have expertise in:
- [ ] Neo4j
- [ ] Cypher
- [ ] GraphQL
- [ ] Intoto
- [x] SPDX
- [x] CycloneDX
- [x] Others (fill in): Python
- I am interested in contributing to:
- [ ] Development
- [x ] Documentation
- [x ] Issue triage and community
- [x ] Technical advisory (review governance document)
- I am here because:
- [x ] Personal interest
- [x ] My company/orgs I work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Intel_______
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [x ] Yes
- [x ] Co-Maintainer
- (optional) I have expertise in:
- [ ] Neo4j
- [ ] Cypher
- [ ] GraphQL
- [ ] Intoto
- [ ] SPDX
- [ ] CycloneDX
- [x ] Others (fill in):
- [x ] Policy
- [x ] Policy Shifted Left
- [x ] SDLC Requirements
- [x ] Risk Management
- [x ] Compliance through SDLC
- [x ] NIST 800-218
- [x ] Smart aggregation turning data into meaning
- I am interested in contributing to:
- [X] Development
- [X] Documentation
- [ ] Issue triage and community
- [X] Technical advisory (review governance document)
- I am here because:
- [ ] Personal interest
- [X] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Morphysm
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [ ] Yes
- (optional) I have expertise in:
- [X] Neo4j
- [ ] Cypher
- [X] GraphQL
- [ ] Intoto
- [X] SPDX
- [ ] CycloneDX
- [X] Go
- [X] CodeQL
- I am interested in contributing to:
- [x] Development
- [x] Documentation
- [x] Issue triage and community
- [ ] Technical advisory (review governance document)
- I am here because:
- [x] Personal interest
- [x] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [ ] Yes
- (optional) I have expertise in:
- [ ] Neo4j
- [ ] Cypher
- [ ] GraphQL
- [ ] Intoto
- [ ] SPDX
- [ ] CycloneDX
- [ ] Others (fill in): Python, C#, C++, HTML, PHP, MSSQL, Oracle, TypeScript, NodeJs, Bash, Batch, PowerShell
- I am interested in contributing to:
- [x] Development
- [x] Documentation
- [x] Issue triage and community
- [x] Technical advisory (review governance document)
- I am here because:
- [x] Personal interest
- [x] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? FannieMae
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [x] Yes
- (optional) I have expertise in:
- [x] Neo4j
- [ ] Cypher
- [x] GraphQL
- [ ] Intoto
- [x] SPDX
- [x] CycloneDX
- [ ] Others (fill in): Java, TypeScript, Python, Bash
- I am interested in contributing to:
- [x] Development
- [ ] Documentation
- [x] Issue triage and community
- [x] Technical advisory (review governance document)
- I am here because:
- [x] Personal interest
- [ ] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [x] Yes
- (optional) I have expertise in:
- [x] Neo4j
- [x] Cypher
- [x] GraphQL
- [ ] Intoto
- [ ] SPDX
- [x] CycloneDX
- [x] Others (fill in): Go, Rust, C/C++, JS, TS, Ruby, Bash, Python, WASM, HTML/CSS, SQL
- I am interested in contributing to:
- [x] Development
- [ ] Documentation
- [x] Issue triage and community
- [x] Technical advisory (review governance document)
- I am here because:
- [x] Personal interest
- [x] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Crash Override
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [x] Yes
- (optional) I have expertise in:
- [x] Neo4j (familiarity)
- [x] Cypher (familiarity)
- [x] GraphQL (familiarity)
- [ ] Intoto
- [ ] SPDX
- [x] CycloneDX (familiarity)
- [x] Others (fill in): Python, Golang, C, LLVM, GCC, JS, TS, Bash, Python, HTML/CSS, SQL
- I am interested in contributing to:
- [x] Development
- [x] Documentation
- [x] Issue triage and community
- [x] Technical advisory (review governance document)
- I am here because:
- [x] Personal interest
- [ ] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _NA
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [x] Yes
- (optional) I have expertise in:
- [ ] Neo4j
- [ ] Cypher
- [x] GraphQL
- [ ] Intoto
- [ ] SPDX
- [ ] CycloneDX
- [x] Developer Advocacy
- [x] Platform Enabler
- [x] Programming Distributed Systems & Design Internals
- [x] Best practices, recommendations for cloud native applications for good.
- I am interested in contributing to:
- [x] Development
- [ ] Documentation
- [ ] Issue triage and community
- [x] Technical advisory (review governance document)
- I am here because:
- [ ] Personal interest
- [x] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? eBay
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [x] Yes
- (optional) I have expertise in:
- [ ] Neo4j
- [ ] Cypher
- [x] GraphQL
- [ ] Intoto
- [ ] SPDX
- [ ] CycloneDX
- [ ] Others (fill in):
- I am interested in contributing to:
- [X] Development
- [X] Documentation
- [ ] Issue triage and community
- [X] Technical advisory (review governance document)
- I am here because:
- [ ] Personal interest
- [X] My company/orgs I work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Seiso - cloud native security consulting. https:/sei.so
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [X] Yes
- (optional) I have expertise in:
- [ ] Neo4j
- [X] Cypher
- [ ] GraphQL
- [X] Intoto (user)
- [ ] SPDX
- [ ] CycloneDX
- [X] Others (fill in): Policy [as code], compliance automation, TAG-Security Controls, being pedantic
- I am interested in contributing to:
- [ x ] Development
- [ x ] Documentation
- [ ] Issue triage and community
- [ ] Technical advisory (review governance document)
- I am here because:
- [ X ] Personal interest
- [ ] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [ ] Yes
- (optional) I have expertise in:
- [ X ] Neo4j
- [ ] Cypher
- [ ] GraphQL
- [ ] Intoto
- [ ] SPDX
- [ X ] CycloneDX
- [ ] Others (fill in):
- I am interested in contributing to:
- [ ] Development
- [X ] Documentation
- [ X] Issue triage and community
- [ X] Technical advisory (review governance document)
- I am here because:
- [ X] Personal interest
- [ ] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [X ] Yes
- (optional) I have expertise in:
- [ ] Neo4j
- [ ] Cypher
- [ ] GraphQL
- [ ] Intoto
- [ ] SPDX
- [ ] CycloneDX
- [X ] Others (fill in): Python, Compliance, FedRAMP,
- I am interested in contributing to:
- [x] Development
- [x] Documentation
- [x] Issue triage and community
- [x] Technical advisory (review governance document)
- I am here because:
- [x] Personal interest
- [X] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Intuit
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [x] Yes
- (optional) I have expertise in:
- [x] Neo4j
- [x] Cypher
- [x] GraphQL
- [ ] Intoto
- [ ] SPDX
- [ ] CycloneDX
- [x] Others (fill in): Snyk, Artifactory
As one final note, my team is building an application that is much in the same vein as yours. We have a fairly mature project for modeling the infrastructure side. We are beginning to build new features around ingesting SBOM data and artifacts.
- I am interested in contributing to:
- [ ] Development
- [x] Documentation
- [x] Issue triage and community
- [ ] Technical advisory (review governance document)
- I am here because:
- [x] Personal interest
- [ ] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [ ] Yes
- (optional) I have expertise in:
- [ ] Neo4j
- [ ] Cypher
- [ ] GraphQL
- [ ] Intoto
- [x] SPDX
- [ ] CycloneDX
- [x] Others (fill in): NIST 800-218, 800-161, SAMM, Secure SDLC, Third party risk, Product Security
- I am interested in contributing to:
- [x] Development
- [x] Documentation
- [x] Issue triage and community
- [x] Technical advisory (review governance document)
- I am here because:
- [x] Personal interest
- [ ] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? Raft
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [x] Yes
- (optional) I have expertise in:
- [ ] Neo4j
- [ ] Cypher
- [ ] GraphQL
- [ ] Intoto
- [ ] SPDX
- [ ] CycloneDX
- [ ] Others (fill in):
- I am interested in contributing to:
- [ ] Development
- [x] Documentation
- [ ] Issue triage and community
- [ ] Technical advisory (review governance document)
- I am here because:
- [x] Personal interest
- [ ] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [x] Yes
- (optional) I have expertise in:
- [ ] Neo4j
- [ ] Cypher
- [ ] GraphQL
- [ ] Intoto
- [ ] SPDX
- [ ] CycloneDX
- [x] Others (fill in): Iac, Policy, Compliance, Python, Ascii Doc
Hi all! Thanks for expressing interest, we will probably be starting a series of community meetings soon! Information will be put here when they start - stay tuned! In the meantime, thanks for joining us!
- I am interested in contributing to:
- [x] Development
- [x] Documentation
- [x] Issue triage and community
- [x] Technical advisory (review governance document)
- I am here because:
- [x] Personal interest
- [ ] My company/orgs i work with are interested in this
-
What is your associated company/org if you're contributing in their capacity? _________
-
Depending on how things go, I may be interested in becoming a maintainer of the project
- [x] Yes
- (optional) I have expertise in:
- [ ] Neo4j
- [ ] Cypher
- [ ] GraphQL
- [ ] Intoto
- [x] SPDX
- [x] CycloneDX
- [x] Others (fill in): development in general (Java, Go, Python), secure development, supply chain security
