guac

guac copied to clipboard

[ingestion/data-quality issue] CycloneDX Ingestion Failing

2

I am running the docker compose and I followed all the steps from https://docs.guac.sh/setup/ and getting an error importing data `charmalloc@Joes-MacBook-Pro guac % ./bin/guacone collect files ~/dev/elixir/course/live_view_studio/bom.xml {"level":"info","ts":1692219911.340304,"caller":"cli/init.go:53","msg":"Using config file:...

joestein

In the README we have a list of "formats": [CycloneDX](https://github.com/CycloneDX/specification) [Dead Simple Signing Envelope](https://github.com/secure-systems-lab/dsse) [Deps.dev API](https://deps.dev/) [In-toto ITE6](https://github.com/in-toto/attestation) [OpenSSF Scorecard](https://github.com/ossf/scorecard) [OSV](https://osv.dev/) [SLSA](https://github.com/slsa-framework/slsa) [SPDX](https://spdx.dev/specifications/) Two things: 1. Within GUAC's on internal...

mlieberman85

**Is your feature request related to a problem? Please describe.** Currently, the collectors talk to NATs while guacone talks to graphQL directly, due to the issue #731 . However, we've...

lumjjb

**Describe the bug** Currently Amazon Neptune does not support storing list based properties. GUAC throws the following error message while ingesting sample data with neptune as the backend - `Expected...

stevemenezes

@mlieberman85 and I have been chatting about different ways to run/configure GUAC. We've been hearing some concerns that are outlined in the "Background" of the below doc. https://docs.google.com/document/d/1gyoXic3-UcLj8spgbux4aNDfiEBANikKFN30NDlx-yY/edit?usp=sharing The "Proposal"...

jeffmendoza

Collector Subscriber requires data sources tracking

5

Currently, the collectors run through all the data sources provided by the collector subscriber. There needs to be a collector-specific time stamp for all the data sources that are checked...

pxp928

[feature] Querying a package for direct vulnerabilities (experimental query API)

14

## Question I am trying out guac, approaching it with I would consider a simple and primary use case: getting known vulnerabilities for a set of packages. I did ingest...

ctron

[feature] Ability to export the guacone command

1

**Is your feature request related to a problem? Please describe.** Implement logic to allow exporting guacone command either in the form of an API or a package. **Describe the solution...

stevemenezes

[feature] Continuous, unattended Google Cloud Storage collection

2

Hi, In this PR https://github.com/guacsec/guac/pull/989, we exposed the GCS collector via the `guacone` CLI, this means that an user can on-demand collect SBOMs and other pieces of metadata form a...

migmartri

[feature] Investigate if artifacs can/should be used in VEX files

1

**Is your feature request related to a problem? Please describe.** During development of [VEX CSAF support](https://github.com/guacsec/guac/pull/729) there was left open to investigate whether artifacts can be used alongside PURLs. **Describe...

dejanb