forked from grafeas/grafeas
add support for keyType in signature by adding a new message type #1
Draft
hkadakia wants to merge 1 commit into master from signature
Conversation
hkadakia pushed a commit that referenced this pull request on Dec 8, 2021:
add archive time field to occurrence
hkadakia pushed a commit that referenced this pull request on Dec 28, 2021:
add pg filter based on mysql filter
hkadakia pushed a commit that referenced this pull request on Dec 28, 2021:
All the pgsql specific code will be moved out to tetradio repo, as mentioned upstream in grafeas#341. When we are ready, we can submit this and pgsql code to be merged upstream.
hkadakia added a commit that referenced this pull request on Dec 28, 2021:
* updating json examples and extended the grpc client example
* Deal with Windows line-endings that git introduces
* Allow for Windows protoc download
* Deal with explicitly shelling out via bash
* Unzip on Windows slow to release file handles
* fix marshalling error when deleting projects
* backfill tests
* Add tests on permission checking. Add some tests to validate the permission checks on UpdateOccurrence operations. To support the tests, add an allowListAuth test implementation of Auth that just stores a list of allowed project/permission pairs. Two of the tests are documenting incorrect behavior that will be fixed in a later commit. Namely: (1) Updating the NoteName should require NotesAttachOccurrence on the old NoteName (as this is effectively a detach operation). (2) When excluding the NoteName from the update using an UpdateMask, the permission check should be performed against the existing NoteName, not whatever was passed in (and which will be ignored).
* Fix permission checks in occurrence update function. This commit fixes the permission checks in UpdateOccurrence and updates the tests from the last commit to demonstrate the change. In particular, we now check the NotesAttachOccurrence on the occurrence's existing NoteName before allowing updates. We continue to check the NotesAttachOccurrence on the updated NoteName (if it is different from the existing NoteName whose permission has already been checked). This means that updating an occurrence from one note to another requires NotesAttachOccurrence on both notes.
* Changes to v1 proto only
* fix the field number of inclusive.
* also add changes to v1beta1
* fix typo
* Update running_grafeas.md. The instructions for using the curl command with the certificate didn't work for me. I got the error message: `curl: (58) unable to set private key file: 'server.pem' type PEM`. When I added these additional flags, it worked fine.
* add grafeas-elasticsearch to list of backends
* Add the vendor field to Vulnerability.Detail
* Increase max page size in v1 API: 1k -> 10k.
* fixes ARM build
* initial commit of grafeas proto
* add files generated by running make
* Added roadmap and clarifications for architecture
* addressing comments on the PR
* further comments addressed
* Add the non_compliance_reason field to ComplianceOccurrence. The field is necessary to support the cases where the benchmark is non-compliant but there are no associated files, like the upcoming SQL checks.
* remove unused deps from compliance proto
* add COMPLIANCE to note kind
* Added SECURITY guidelines
* fix: broken link
* Add the vendor info to the V1 api.
* Initial commit of DSSE Attestation and IntotoProvenance support.
* Remove prefix from intotoprovenance
* Add generation code.
* Add dsse references in grafeas.proto
* Fixes in reference to the comments.
* Fix common.proto field format
* Change names of fields to work around naming conflicts.
* Renamed Builder to BuilderConfig, to not conflict with the Java generated Builder class.
* Make casing of dsse consistent
* Make casing of dsse consistent
* Move the package type and effective severity to the PackageIssue level. When we are creating vulnerabilities, we may find vulnerabilities for multiple different package types (e.g. OS, Maven, NPM, Go, etc.) on a single Note. Since type is currently on the Vulnerability occurrence level, we need to move it down into the PackageIssue level. Similarly, vulnerabilities issued for different package types (potentially by different vulnerability sources) can have different effective severities. Therefore, this field also needs to be moved down into the PackageIssue level.
* Change intoto provenance arguments to be of Any type.
* Change intoto provenance arguments to be of Any type.
* Fix small typo
* Add comment about "Any"
* SBOM protos
* move spdx proto to v1beta1 and split into separate files
* Add TODO to encapsulate spdx license fields
* Change arguments and recipe from []Any to just Any, to more closely follow the spec.
* Add SPDX Relationships protos and consolidate SPDX protos into one file.
* Remove obsolete SPDX files.
* Added fields to PackageInfoOccurrence and RelationshipNote
* Created License message
* Use License message instead of the string field type
* Use annotations for output only fields
* Clean up comments for output only fields
* Top-level enums should appear ahead of messages
* Correction: top-level enums should appear after messages
* 1. Add a new type, of type slsa_provenance, which exactly follows the slsa spec (as opposed to the intoto_provenance, which has a few differences). 2. Add slsa_provenance as a predicate type to the intoto_statement. 3. Add the intoto_statement to the build type. 4. Change the json serialization of the intoto_statement type to "_type" to follow the spec.
* Correct import paths
* Keep intoto_provenance as-is.
* Comment out the slsa provenance to see if compilation works.
* Fix spelling of deployable
* 1. Move intoto_statement to its own file, replacing dsse_attestation and references to it. 2. Add slsa_provenaecn and intoto_statement to generate file.
* Add build verification and tests
* Keep dsse attestation, just move around intoto_statement to its own file.
* Keep dsse attestation with the original statement
* Added links for clarification.
* Rename Builder message to BuilderConfig
* Prepend messages with "Slsa" to avoid naming conflicts in the "grafeas.v1" package.
* changes for cvss v3
* Add grafeas-rds to list of backends.
* use backticks for strings
* regen with protoc 3.11.4 and grpc-gateway 1.19.6
* add v1 proto generated code
* preserve original v1 generate.go
* regen with v2 and sync with master
* add git validation that was done in https://git.vzbuilders.com/maditya/grafeas-orig/pull/3
* add pg filter based on mysql filter
* Remove pgsql implementation (#1). All the pgsql specific code will be moved out to tetradio repo, as mentioned upstream in grafeas#341. When we are ready, we can submit this and pgsql code to be merged upstream.
* add custom uploader_id and content_hash field for package type (grafeas#2). Co-authored-by: jwang04 <jwang04@verizonmedia.com>
* regen with protoc 3.11.4 and grpc-gateway 1.19.6
* add v1 proto generated code
* preserve original v1 generate.go
* regen with v2 and sync with master
* add pg filter based on mysql filter
* initial working version
* fix kind sql parsing
* Remove pgsql implementation (#1). All the pgsql specific code will be moved out to tetradio repo, as mentioned upstream in grafeas#341. When we are ready, we can submit this and pgsql code to be merged upstream.

Co-authored-by: greendinosaur <greendinosaur@users.noreply.github.com>
Co-authored-by: Sean Dukehart <tomcruise81@users.noreply.github.com>
Co-authored-by: Michael Parker <michael@parker.gg>
Co-authored-by: wkozlik <61755482+wkozlik@users.noreply.github.com>
Co-authored-by: Eric Zimanyi <ezimanyi@google.com>
Co-authored-by: Aysylu Greenberg <aysylu@users.noreply.github.com>
Co-authored-by: Neetha Sebastian <neethas@google.com>
Co-authored-by: Dina Graves Portman <dinagraves@google.com>
Co-authored-by: Yinpeng Li <yinpengli@google.com>
Co-authored-by: Catherine Jones <31020910+catherinejones@users.noreply.github.com>
Co-authored-by: Pietro Ferretti <pferretti@google.com>
Co-authored-by: Nolan Emirot <emirot.nolan@gmail.com>
Co-authored-by: vyinpengli <mousquetairesyl@gmail.com>
Co-authored-by: sherzberg <sherzberg@google.com>
Co-authored-by: Nicholas Cho <nickcho2@gmail.com>
Co-authored-by: Yousef Alowayed <yousef.alowayed@gmail.com>
Co-authored-by: Wiktor Kozlik <wkozlik@google.com>
Co-authored-by: Ethan Anderson <eanderson@atlassian.com>
Co-authored-by: yzhao02 <yonghe.zhao@verizonmedia.com>
Co-authored-by: Aditya Mahendrakar <maditya@verizonmedia.com>
Co-authored-by: Junyi Wang <junyi.wang@oath.com>
Co-authored-by: jwang04 <jwang04@verizonmedia.com>
No description provided.