Comments (4)
👀 @pxp928 @jeffmendoza @lumjjb @mihaimaruseac
from guac.
Based on discussion in the June 10 meeting, there is still a use case that could use the scorecard certifier functionality. Proposal is not to delete but move this to another repository under guacsec as a "contrib". @nathannaveen would you be interested in exploring this as a separate repo?
from guac.
@lumjjb thank you for the update from the meeting's discussion! I would be interested in working on this.
from guac.
I recently realized that we directly utilize osv-scanner.
Line 27 in dad65eb
I didn't think of the direct osv-scanner dependency while creating this issue, so I think we should take a minute to rethink this before moving the scorecard certifier to another repo. Moving the scorecard certifier to another repo won't really solve our issue since we will still have the osv-scanner dependency (which in turn gives us the deps.dev/api/v3 dependency).
Additionally, we will probably not be able to use the deps.dev/api/v3alpha API until it becomes stable because of #1768 (comment).
from guac.
Related Issues (20)
- [ingestion bug] Ingesting this specific CDX SBOM will cause a panic HOT 7
- [feature] Reduce the GitHub workflow tokens' permissions to the minimal
- OpenSSF WG alignment? HOT 2
- [bug] Altas diff failing on CI checks
- [feature] Questions regarding adding REST Endpoints for Vulnerability and Legal info in an SBOM HOT 8
- [ingestion/clearlydefined] clearlydefined fails to run when the osv certifier has already run HOT 3
- [ingestion/bug] identifier purl is empty string
- [feature] CDX parsing to capture version as an artifact for images
- [feature] Add documentRef to HasSbom client operations
- [ingestion/data-quality issue] SPDX SBOM missing data a package has multiple purls
- [feature] ENT set db.SetConnMaxLifetime()
- [feature] Clean up repeated loop and type checking
- [feature] Create gitpod configuration for self-hosted trial instance deployment
- [bug] deps.dev hangs with new rate limit logic
- [bug] Ingesting SBOMs results in license error HOT 6
- [feature] Add the ClearlyDefined certifier to the demo compose file
- [bug] ClearlyDefined certifier failing on certain packages
- [bug] ent: constraint failed: insert nodes to table \"source_names\"
- [bug] certifylegal fails to create index when discovered license string to too large
- [feature] Add ClearlyDefined to e2e test