GUAC PoC cloud credits
GUAC is looking to do a PoC with both maintainers of open source projects and end users, in part due to a larger effort in the Security Toolbelt.
I spoke to @SecurityCRob that we don't currently have a mechanism for this but I'm ready to work through whatever we decide makes sense here.
In addition to using purl's `github` type in most of the rows, I would suggest adding "akas" from other types, specifically Linux packages, Docker, and generic types; and I would also suggest CPEs. Projects that can help with this include:
- https://github.com/scanoss/purl2cpe
- https://github.com/nexB/vulnerablecode-purl2cpe
- https://github.com/repology/repology-rules