35c5614eb7
- Added RustCargoLockParser to parse Cargo.lock files and extract package information. - Introduced RustFingerprintScanner to scan for Rust fingerprint records in JSON files. - Created test fixtures for Rust language analysis, including Cargo.lock and fingerprint JSON files. - Developed tests for RustLanguageAnalyzer to ensure deterministic output based on provided fixtures. - Added expected output files for both simple and signed Rust applications.
1.3 KiB
1.3 KiB
If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
TASKS
| Task | Owner(s) | Depends on | Notes |
|---|---|---|---|
| EXCITITOR-ATTEST-01-001 – In-toto predicate & DSSE builder | Team Excititor Attestation | EXCITITOR-CORE-01-001 | DONE (2025-10-16) – Added deterministic in-toto predicate/statement models, DSSE envelope builder wired to signer abstraction, and attestation client producing metadata + diagnostics. |
| EXCITITOR-ATTEST-01-002 – Rekor v2 client integration | Team Excititor Attestation | EXCITITOR-ATTEST-01-001 | DONE (2025-10-16) – Implemented Rekor HTTP client with retry/backoff, transparency log abstraction, DI helpers, and attestation client integration capturing Rekor metadata + diagnostics. |
| EXCITITOR-ATTEST-01-003 – Verification suite & observability | Team Excititor Attestation | EXCITITOR-ATTEST-01-002 | DOING (2025-10-22) – Continuing implementation: build IVexAttestationVerifier, wire metrics/logging, and add regression tests. Draft plan in EXCITITOR-ATTEST-01-003-plan.md (2025-10-19) guides scope; updating with worknotes as progress lands. |
Remark (2025-10-22): Added verifier implementation + metrics/tests; next steps include wiring into WebService/Worker flows and expanding negative-path coverage.