Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add datadog certifier #2366

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add datadog certifier #2366

wants to merge 1 commit into from
+731 −0

Conversation

robert-cronin
Copy link
Contributor

@robert-cronin robert-cronin commented Dec 12, 2024
edited
Loading

Description of the PR

Fixes #2345

I am not sure if there is a need for a parser or attestation since were just ingesting CertifyBad for a particular pURL, but if there is a need to represent the source information in a predicate, I'd be happy to try and figure out how to add that in.

PR Checklist

  • All commits have a Developer Certificate of Origin (DCO) -- they are generated using -s flag to git commit.
  • All new changes are covered by tests
  • If GraphQL schema is changed, make generate has been run
  • If GraphQL schema is changed, GraphQL client updates/additions have been made
  • If OpenAPI spec is changed, make generate has been run
  • If ent schema is changed, make generate has been run
  • If collectsub protobuf has been changed, make proto has been run
  • All CI checks are passing (tests and formatting)
  • All dependent PRs have already been merged

@funnelfiasco
Copy link
Contributor

As a general comment, I wonder if we want to call it something more specific than "DataDog"? "DataDog Malicious Packages DataSet" is unwieldy, but I'm concerned that there might be some future thing that pulls from DataDog proper and the name is already taken. I don't have any great ideas and this may not be a concern worth worrying about right now, but I wanted to raise it.

@robert-cronin
Copy link
Contributor Author

robert-cronin commented Dec 13, 2024
edited
Loading

As a general comment, I wonder if we want to call it something more specific than "DataDog"? "DataDog Malicious Packages DataSet" is unwieldy, but I'm concerned that there might be some future thing that pulls from DataDog proper and the name is already taken. I don't have any great ideas and this may not be a concern worth worrying about right now, but I wanted to raise it.

yeah, that is a solid point, if DataDog eventually spin out other datasets, I can see how that might cause some confusion. The data itself mostly comes from GuardDog but I think not exclusively. Maybe we can go with something like datadog-malware-dataset or datadog-mspd but mspd is not a known acronym. The alternative is datadog-malicious-software-packages-dataset but like you said that is a bit unwieldy.
The datadog-malware-dataset one sounds like the best compromise to me between clarity and brevity.

@funnelfiasco funnelfiasco mentioned this pull request Dec 13, 2024
Closed
@robert-cronin
Add datadog certifier
d2f86e2 
Signed-off-by: robert-cronin <robert.owen.cronin@gmail.com>
@pxp928
Copy link
Collaborator

pxp928 commented Dec 19, 2024

Thanks @robert-cronin! Sorry for the delay. We will review this soon!

@robert-cronin
Copy link
Contributor Author

Thanks @robert-cronin! Sorry for the delay. We will review this soon!

No problems, thanks @pxp928!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jeffmendoza jeffmendoza Awaiting requested review from jeffmendoza jeffmendoza is a code owner

@funnelfiasco funnelfiasco Awaiting requested review from funnelfiasco

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
size/XL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[feature] Add support for DataDog's malicious software package dataset
3 participants
@robert-cronin @funnelfiasco @pxp928