Add in-toto project ideas for LFX 2024 Term 2 #1228

Merged May 8, 2024 (6 commits)
69 changes: 46 additions & 23 deletions programs/lfx-mentorship/2024/02-Jun-Aug/project_ideas.md
Expand Up @@ -30,6 +30,51 @@
- Bill Mulligan(xmulligan, <[email protected]>)
- Upstream Issue: <https://github.com/cilium/cilium.io/issues/492>


### in-toto

### Add GUAC support

- Description: The project aims to integrate Graph for Understanding Artifact Composition (GUAC) with in-toto, a framework safeguarding software supply chain integrity. [Graph for Understanding Artifact Composition (GUAC)](https://guac.sh/) aggregates software security metadata into a high fidelity graph database—normalizing entity identities and mapping standard relationships between them. This project seeks to extend in-toto's capabilities by incorporating GUAC, enabling users to query GUAC with Package URLs (purls) and retrieve pertinent attestations.
- Expected Outcome: Adds functionality to query GUAC, retrieve and parse relevant attestations for the specified artifact.
- Recommended Skills: Go, Python
- Mentor(s):
- Santiago Torres-Arias (@SantiagoTorres, [email protected])
- Pradyumna Krishna (@PradyumnaKrishna, [email protected])
- Upstream Issue: https://github.com/in-toto/attestation-verifier/issues/29

#### Documentation Boost!

- Description:
- Help contributors get started with improving the documentation of CNCF projects and TAGs. To start, we'd like mentees to help to
improve both the documentation of a project, and also encourage them to contribute to other projects. So, view the issues as a starting
point to help start your career in open source.
- Expected Outcome:
- Develop effective documentation for CNCF projects. As a start, the CNCF project in-toto has a fairly clear set of requirements for what
documentation changes are needed.
- Recommended Skills:
- Technical writing
- Basic understanding of cloud native projects (or a desire to learn!)
- Mentor(s):
- Justin Cappos @JustinCappos [email protected]
- Patrice Chalin @chalin [email protected]
- Upstream Issues:
- https://github.com/in-toto/docs/issues/85
- https://github.com/in-toto/docs/issues/90
- https://github.com/in-toto/docs/issues/91
- https://github.com/in-toto/docs/issues/92

#### Sigstore support for in-toto-jenkins

- Description: The [in-toto Jenkins plugin](https://github.com/in-toto/in-toto-jenkins-plugin) allows users to generate metadata in their build pipelines. Currently keys or credentials must be provided to the plugin to sign the metadata, whereas Sigstore offers keyless signing and verification. The addition of Sigstore transport will allow seamless uploading of metadata to Rekor transparency log. This project aims to enhance the Jenkins plugin by adding [Sigstore](https://www.sigstore.dev) support, allowing keyless signing and adding Sigstore transport.
- Expected Outcome: in-toto-jenkins plugins gets support for Sigstore
- Recommended Skills: Java, Jenkins
- Mentor(s):
- Santiago Torres-Arias (@SantiagoTorres, [email protected])
- Pradyumna Krishna (@PradyumnaKrishna, [email protected])
- Upstream Issue: https://github.com/in-toto/in-toto-jenkins-plugin/issues/6


### Crossplane

#### Make Crossplane Easy - Improving the Developer Experience
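
Review bot: `### Add GUAC support` is a level-3 heading, the same level as the `### in-toto` project heading directly above it, while the other two in-toto entries in this hunk (`#### Documentation Boost!` and `#### Sigstore support for in-toto-jenkins`) use level 4; change it to `#### Add GUAC support` so all three ideas nest under in-toto. Two smaller points in the same hunk: the Sigstore Expected Outcome reads "in-toto-jenkins plugins gets support", which should be "plugin gets", and the mentor lines use two formats (`Name (@handle, email)` in the two new entries, `Name @handle email` in Documentation Boost!), which is worth unifying while the section is being moved.
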
Expand All @@ -42,6 +87,7 @@
- Ezgi Demirel (secondary) (@ezgidemirel, [email protected])
- Upstream Issue: https://github.com/crossplane/crossplane/issues/3957


### Jaeger

#### Jaeger-V2 Observability and Healthchecks
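
Review bot: judging by the `-42,6 +87,7` header, the only line added here is a second blank line before `### Jaeger`, which is unrelated to the in-toto ideas this PR is about. Either drop it, or say in the PR description that the change also normalises to two blank lines between project sections, as the first hunk leaves before `### in-toto` and `### Crossplane`.
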
Expand Down Expand Up @@ -316,29 +362,6 @@ and become contributors to other projects / TAGs later in the project period. T
- Upstream Issues:
- https://github.com/cncf/techdocs/issues/162

### in-toto

#### Documentation Boost!

- Description:
- Help contributors get started with improving the documentation of CNCF projects and TAGs. To start, we'd like mentees to help to
improve both the documentation of a project, and also encourage them to contribute to other projects. So, view the issues as a starting
point to help start your career in open source.
- Expected Outcome:
- Develop effective documentation for CNCF projects. As a start, the CNCF project in-toto has a fairly clear set of requirements for what
documentation changes are needed.
- Recommended Skills:
- Technical writing
- Basic understanding of cloud native projects (or a desire to learn!)
- Mentor(s):
- Justin Cappos @JustinCappos [email protected]
- Patrice Chalin @chalin [email protected]
- Upstream Issues:
- https://github.com/in-toto/docs/issues/85
- https://github.com/in-toto/docs/issues/90
- https://github.com/in-toto/docs/issues/91
- https://github.com/in-toto/docs/issues/92


### WasmEdge

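
Review bot: say in the PR description that the `### in-toto` / `#### Documentation Boost!` block removed here is relocated to the top of the file rather than dropped, because the diff shows it only as a delete plus an add. The removed entry matches the copy in the first hunk line for line (same description, mentors and four `in-toto/docs` issue links), so nothing is lost, but a reader of this hunk alone cannot tell that.
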