-
Notifications
You must be signed in to change notification settings - Fork 69
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add proto definition for vuln predicate type #345
Conversation
48ea84a
to
0d02476
Compare
related to #268 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for sending this.
Besides the other comments, have you by any chance generated any json with this? Could you provide a sample? it would be nice to compare it against the example https://github.com/in-toto/attestation/blob/main/spec/predicates/vuln.md#example
Friendly ping on this PR. @hectorj2f Could you please remove the generated Go/Python/Java files and add an entry for this proto here? then I think your PR will be pretty much ready to go. |
@marcelamelara Yes, I'll do it. |
0d02476
to
cd455a3
Compare
I think something might have gotten a bit screwy with the git commits (I've done this myself for sure). When I look at 'Files Changed' it doesn't look like anything has changed since our earlier comments? |
I'm confused now. I followed what @marcelamelara commented above remove all the generated go/python and java code and leave the entry in protos. |
If I understand correctly, having only the .proto file is what Tom had originally requested. But there may have been some edits to that proto file that were lost when the auto-generated files were removed? I only see 1 commit in this PR right now. Separately, I also had requested a minor documentation update to the /protos/README.md file. This way this new proto is included in that list. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for these changes, just a couple minor updates needed I think.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @hectorj2f ! LGTM.
One final question (which can be addressed in a separate PR, I think) is about the predicate type URI for this predicate. Right now, in the vuln predicate spec it's listed as @hectorj2f What do you think? Is this a concern? |
Signed-off-by: hectorj2f <[email protected]>
Signed-off-by: hectorj2f <[email protected]>
Signed-off-by: hectorj2f <[email protected]>
Signed-off-by: hectorj2f <[email protected]>
@marcelamelara Let's change vuln to vulns wherever we use it as part of a different PR. |
Signed-off-by: hectorj2f <[email protected]>
bcbd48e
to
ffffbc7
Compare
Signed-off-by: hectorj2f <[email protected]>
ffffbc7
to
69d0fa5
Compare
Signed-off-by: hectorj2f <[email protected]>
4fcf62d
to
044ba49
Compare
@marcelamelara @lumjjb I've applied some of the changes you proposed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks so much for the updates @hectorj2f ! At this point the changes I'm requesting are just some small documentation fixes.
0536b6d
to
3b11a0b
Compare
Signed-off-by: hectorj2f <[email protected]>
3b11a0b
to
1e238a8
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @hectorj2f ! LGTM
I appreciate these changes, but the one big problem I see is that it erases the old 'vuln v0.1' predicate and replaces it with this new one. There are folks that are using the old predicate (however flawed it might be me), we should keep that copy around for them to reference. So a couple requests:
|
Signed-off-by: hectorj2f <[email protected]>
35cdce3
to
297a7fc
Compare
@TomHennen I believe I've made all your requested changes. |
Thank you! And I'm so sorry it took me so long to get back to this. I missed the email about the update. :( |
This PR adds a proto definition for the vuln predicate type. This was pending since we added the vuln predicate type and it is needed to update the cosign vuln predicate types.