guac icon indicating copy to clipboard operation
guac copied to clipboard

Published 20 hours ago verified publisher icon guacsec

[feature] Proposal: Legal information representation in GUAC graph

Open jeffmendoza opened this issue 2 years ago • 2 comments

Hi folks, I have written up a design proposal for representing legal information in GUAC verb/noun nodes: https://docs.google.com/document/d/1NmLlU5wuP2X9CK7QCWZkkOciNn1QFLKQCFCW9CEI8HQ/edit?usp=sharing

It covers the proposed nodes and the attributes they will have. Also, it covers how the nodes will be populated from SPDX, CycloneDX, and ClearlyDefined.

Please feel free to comment on particular sections of the doc, and/or leave general comments below.

jeffmendoza avatar Jul 03 '23 21:07 jeffmendoza

  • [x] GraphQL API #1207
  • [x] Inmem #1207
  • [x] Arango #1349
  • [x] Ent #1321 #1312
  • [x] Ingestor #1244
  • [x] SPDX Parser #1244
  • [x] CycloneDX Parser https://github.com/guacsec/guac/pull/1985
  • [ ] ClearlyDefined Collector (issue: https://github.com/guacsec/guac/issues/1964)

debt/cleanup:

  • [ ] GraphQL Examples
  • [x] (obsolete) --gql-test-data Examples
  • [x] Resolver validity checks and unit tests #1269
  • [ ] SPDX Origin / Collector

jeffmendoza avatar Sep 08 '23 22:09 jeffmendoza

We are also missing license information that could come from deps.dev. The current collector and parser need to be updated to capture this information.

pxp928 avatar Jun 13 '24 13:06 pxp928