Evaluate possible integration with OpenSSF package analysis #400

Open
3 tasks
fridex opened this issue Apr 28, 2022 · 5 comments
Labels
kind/feature — Categorizes issue or PR as related to a new feature.
lifecycle/frozen — Indicates that an issue or PR should not be auto-closed due to staleness.
needs-triage — Indicates an issue or PR lacks a `triage/...` label and requires one.
priority/important-soon — Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
sig/stack-guidance — Categorizes an issue or PR as relevant to SIG Stack Guidance.

Comments

@fridex
Contributor

fridex commented Apr 28, 2022

See:

https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior/
https://github.com/ossf/package-analysis

Let's check if data produced by this tool are valuable for Thoth. If so, let's see what our integration points look like.

  • check what data and what format package-analysis produces for packages hosted on PyPI
  • check if these data are suitable for prescriptions so that prescriptions are automatically created
  • check if these data are suitable for solver rules to automatically block analyses of certain packages in a deployment
@fridex fridex added the kind/feature Categorizes issue or PR as related to a new feature. label Apr 28, 2022
@sesheta sesheta added the needs-triage Indicates an issue or PR lacks a `triage/...` label and requires one. label Apr 28, 2022
@sesheta
Member

sesheta commented Apr 28, 2022

@fridex: This issue is currently awaiting triage.
If a refinement session determines this is a relevant issue, it will accept the issue by applying the
triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@mayaCostantini
Contributor

/sig stack-guidance

@sesheta sesheta added sig/stack-guidance Categorizes an issue or PR as relevant to SIG Stack Guidance. and removed needs-sig labels Apr 28, 2022
@mayaCostantini
Contributor

/priority important-soon

@sesheta sesheta added the priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. label Jul 5, 2022
@sesheta
Member

sesheta commented Oct 3, 2022

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@sesheta sesheta added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 3, 2022
@harshad16
Member

/remove-lifecycle stale
/lifecycle frozen

@sesheta sesheta added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Oct 4, 2022