guac
guac copied to clipboard
guacsec
GUAC aggregates software security metadata into a high fidelity graph database.
It is useful in certain cases to add labels to nodes and edges within the graph.. For example, `Container` nodes, `Source` nodes, etc.. For example, using heuristics as the "CONTAINER"...
Currently parser tests do not test for `GetIdentities` (in pkg/ingestor/parser)
Adding tracing monitor (such as jaeger) to allow for us to collect metrics for troubleshooting and tracking the time taken by each action.
Note performance warning in README that the current proof of concept does not include optimizations to neo4j and may see some degradation of performance. Create a separate PERFORMANCE.md file to...
The identity for edge should apply to almost any type of document/node, and thus should be able to be defined on any GuacNode. This should be done as well as...
Some entities may have multiple identifiers. Let's figure out what's the best way to handle them, especially for merging nodes and insertion of new edges/relating new information. Another tricky question...
SLSA level 3 attestations should contain source information, this information can be included within the graph which will help link to other data sources (e.g. scorecards)
Write a collector to ingest deps.dev bigquery data https://deps.dev/data
Implement a Rekor collector. Pointers: - Using or getting inspiration from the Rekor client from the CLI https://github.com/sigstore/rekor/blob/main/pkg/client/rekor_client.go
