2017/10/23 - Meeting Notes

Apologies for the mangled links. Discourse is giving me a cryptic error about not being allowed to link to “that host” without any additional info on what the problem is. Replace “(dot)” with “.”

Recording: docker(dot)zoom(dot)us/recording/play/huHQGzxtouxnNhRhcBgoTXRlUJg-r8D0ebI-T7IfptdThfVl99dAtuurDKjADs6O

Presentation from Wendy Dembowski on Grafeas (slides: docs(dot)google(dot)com/presentation/d/13zaA953c6JXUkSI7uXBlauXWCWDrdrr98A5SkyT7tXU )

  • Grafeas is a recently announced open source project from Google that defines a metadata API for computing components.
  • Two primary concepts:
    • Note - a relatively static piece of information such as a CVE description, or a normalized piece of information that will have many occurrences.
    • Occurrence - references a note in a specific context, possibly with context-specific additional information.
  • Currently has Swagger- and Protobuf-based definitions of the metadata.
    • Likely to drop Swagger and only officially support Protobuf. SIG was supportive of this plan.

Homework:

SIG members to take a look at Grafeas for a more in-depth discussion at the next SIG.
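
The Note/Occurrence split from the presentation notes above, sketched as an added example (not part of the original notes and not Grafeas code). The class fields, note names, placeholder CVE id and image references are all constructed for illustration and are not the Grafeas Protobuf schema; the point is that shared facts live once in the note, each occurrence carries only its context, and an occurrence whose note reference does not resolve is surfaced rather than silently dropped.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass
class Note:
    """Static, shared information (illustrative fields, not the Grafeas schema)."""
    name: str
    kind: str
    description: str
    severity: str

@dataclass
class Occurrence:
    """One instance of a note in a specific context."""
    note_name: str      # reference to Note.name
    resource_url: str   # the resource the note applies to
    details: dict = field(default_factory=dict)  # context-specific extras

def resolve(notes, occurrences):
    """Join occurrences to notes; return (findings, dangling)."""
    by_name = {n.name: n for n in notes}
    findings, dangling = defaultdict(list), []
    for occ in occurrences:
        note = by_name.get(occ.note_name)
        if note is None:
            dangling.append(occ)  # reference to a note that does not exist
        else:
            findings[occ.resource_url].append((note, occ))
    return dict(findings), dangling

# Constructed sample data: placeholder CVE id and image references.
NOTES = [Note("projects/demo/notes/CVE-0000-0001", "VULNERABILITY",
              "Placeholder description of a library flaw", "HIGH")]
OCCURRENCES = [
    Occurrence(NOTES[0].name, "https://registry.example/app@sha256:aaaa",
               {"package": "libdemo", "installed": "1.0.2"}),
    Occurrence(NOTES[0].name, "https://registry.example/api@sha256:bbbb",
               {"package": "libdemo", "installed": "1.0.4"}),
    Occurrence("projects/demo/notes/missing",
               "https://registry.example/web@sha256:cccc"),
]

if __name__ == "__main__":
    findings, dangling = resolve(NOTES, OCCURRENCES)
    for url, pairs in findings.items():
        for note, occ in pairs:
            print(url, note.severity, occ.details)
    print("unresolved note references:", [o.note_name for o in dangling])
```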