guac
GUAC aggregates software security metadata into a high fidelity graph database.
As with the introduction of https://github.com/guacsec/guac/pull/989, it would be nice to have docs added in https://github.com/guacsec/guac-docs to show how to exercise and use this
One thing that we're noticing for a lot of SBOM use cases is that the data that is ingested is mostly the same across SBOMs. Therefore, we want to ensure...
**Describe the bug**
There are some PURLs that are in metadata (such as SBOMs) that may be invalid such as:
```
pkg:golang/..
pkg:golang/../../../examples"
pkg:golang/./third_party/abc@(devel)
pkg:pypi/;platform_system@Darwin
```
**To Reproduce**
Ingest an...
## Question
I can't import the JSON file which is produced by criticality_score!
URL for criticality_score: https://github.com/ossf/criticality_score
The content of the JSON file:
```
{"default_score":"0.26270","legacy":{"closed_issues_count":0,"commit_frequency":0,"contributor_count":24,"created_since":32,"github_mention_count":0,"issue_comment_frequency":0,"org_count":0,"recent_release_count":6,"updated_issues_count":0,"updated_since":12},"repo":{"created_at":"2020-08-25T10:59:23Z","language":"C++","license":"Apache License 2.0","star_count":0,"updated_at":"2022-04-27T14:09:35Z","url":"https://github.com/laiyoufafa/aafwk_aafwk_lite"}}
```
Come up with a set of predicates and data model which will fulfill GUAC queries to provide a standard model for parsers to output (as part of a graphQL API),...
It seems to me that I'm not getting any hits on the deps.dev collector for the Maven packages ingested. Need to validate this.
# Description of the PR
Improved cdx parsing and updated the test accordingly.
Fixes: #1884
# PR Checklist
- [x] All commits have [a Developer Certificate of Origin (DCO)](https://wiki.linuxfoundation.org/dco) --...
# Description of the PR
Added annotate-metadata command in cli allowing users to add hasMetadata attestation for subject to the graph. Format: `guacone annotate-metadata [flags] `.
Fixes: #1710
# PR...
# Description of the PR
update certifier to use paginated query for package and source to not hit `packages pq: got 563996 parameters but PostgreSQL only supports 65535 parameters\n` error....
# Description of the PR
Included logs that state when the processing is complete, including the file name, document hash, the status, the file's size, and the number of retries...