Description: what's your idea?
Solicit input, feedback, and collaboration on https://github.com/cncf/landscape-graph, specifically on Sub-Graph Modules related to software packages and threats (details below)
Impact: Describe the customer impact of the problem. Who will this help? How will it help them?
This data model and graph will be useful to a variety of Personas, from those responsible for operating cloud workloads and infrastructure, Security Professionals, Project Maintainers, Developers, and others. It will help by providing a scalable data model capable of answering questions such as: https://github.com/cncf/landscape-graph/labels/Q%20for%20graph
Thread from Slack
https://cloud-native.slack.com/archives/C01KL0B4LKC/p1658416961087659
Hi folks, I've been in the process of launching a new project that I think likely has some utility to this WG. In a nutshell, I'm pulling data from a variety of sources --> Neo4j Graph Database, with GraphQL as the strongly typed interface/api/data (schema) definition language.
https://github.com/cncf/landscape-graph
It aims to help answer questions such as:
for a set of projects, for all repos by release, show package dependency trees, overlaid with current CVE announcements w/ reporting and alerting as necessary.
for a set of projects' contributors, who employed them whilst they contributed? Who funded those organizations? Who owns them? What else did they invest in?
How does investment flow through the Landscape? Who maintains what? Who uses it?
Identify communities. Understand how they interact. Comprehend how they collaborate with each other.
Grok groupings of frequent code review <-> author interactions across projects.
Facilitate generation of DORA metrics in arrears from historical GitHub data for all CNCF projects. (more on DORA).
Are popularity and market cap correlated?
What companies are using which projects? What vendors support that?
What happened in Twitter last week related to my project?
The ones in bold in particular could be useful to inform secure supply chain tooling.
Presently using this as an initial Data Model, with active work going on around schema composition (supergraph/subgraph, federation, etc). This will allow for extending the graph using modular, testable, and verifiable strategies and workflows.
The most recent status update for current design/thinking w/ a link trove: cncf/landscape-graph#4 (comment)
Question: Are there already efforts underway or considered around building a graph? I think it would make sense to add deployment information to the current subgraph list:
https://github.com/cncf/landscape-graph/tree/4-graphql-endpoint-v1/db#sub-graph-modules-sgm
.
├── blogs
│   └── sgm-blogcncf
├── boards
│   ├── sgm-ghdiscuss
│   └── sgm-stackoverflow
├── core
│   └── generated
├── corp
│   ├── sgm-crunchbase
│   └── sgm-yahoofinance
├── email
├── packages
│   ├── sgm-brew
│   ├── sgm-choco
│   ├── sgm-crate
│   ├── sgm-deb
│   ├── sgm-deno
│   ├── sgm-go
│   ├── sgm-maven
│   ├── sgm-npm
│   ├── sgm-pip
│   └── sgm-rpm
├── rtc
│   ├── sgm-discord
│   └── sgm-slack
├── social
│   ├── sgm-linkedin
│   └── sgm-twitter
├── threats
│   └── sgm-nist
└── videos
    └── sgm-youtube
I’ve been incorporating feedback from TAG Contributor Strategy and TOC members, as well as input from a variety of communities.
The project is rapidly approaching the point at which contributors and maintainers will be actively solicited.
10k Kanban w/ in-flight work
Help Wanted,
Questions, etc.
Please reach out directly or in #landscape-graph if interested. If it would make sense to discuss at a WG meeting I’m happy to join.
TO DO
Hello @halcyondude. I'm picking this back up. It's been some time since you opened the issue. Are you still looking for feedback? What form of feedback are you looking for? Is there something in particular that you are seeking from a security standpoint or more an overall review? Are there areas you'd like to direct our attention to?