Apologies for the mangled links. Discourse is given me a cryptic error about not being allowed to link to “that host” without any additional info on what the problem is. Replace “(dot)” with “.”
Recording: docker(dot)zoom(dot)us/recording/play/huHQGzxtouxnNhRhcBgoTXRlUJg-r8D0ebI-T7IfptdThfVl99dAtuurDKjADs6O
Presentation from Wendy Dembowski on Grafeas (slides: docs(dot)google(dot)com/presentation/d/13zaA953c6JXUkSI7uXBlauXWCWDrdrr98A5SkyT7tXU )
- Grafeas is a recently announced open source project from Google that defines a metadata API for computing components.
- Two primary concepts:
- Note - a relatively static piece of information such as a CVE description, or a normalized piece of information that will have many occurrences.
- Occurrence - references a note in a specific context, possibly with context specific additional information.
- Currently has Swagger and Protobuf based definitions of the metadata.
- Likely to drop Swagger and only officially support Protobuf. SIG was supportive of this plan.
Homework:
SIG members to take a look at Grafeas for more in depth discussion at next SIG.