, and I’m an incoming freshman at the University of Pennsylvania in the Jerome Fisher Program in Management and Technology (B.S.E. Computer Science, B.S. Economics from the Wharton School of Business).
This summer, I contributed to an open source project called in-toto as a student developer for the 2021 Google Summer of Code program. I had a blast and I want to share my experience, insights, and advice with you!
Acknowledgements & Thank You
In the following section, I will be describing my project and the GSoC experience in detail. But, before I do so, I would like to thank the following people who transformed my GSoC experience.
for kindly introducing me to the vibrant in-toto community.
Thank you so much! GSoC would not be GSoC without you: it would be “Gee, this socs.” 😆
This article is pretty lengthy, so feel free to jump to the bit you’re most interested in! Here’s an outline of what I will be talking about:
What is Google Summer of Code? - For those curious about the program.
About in-toto - Background for the open source project I contributed to, in-toto, for those interested in learning more or getting involved!
My project: Develop in-toto-rs (Rust) for integration with rebuilderd - See the details of my Google Summer of Code project, and pull requests I created.
How I got into GSoC (and why you should, too!) - My GSoC story, told as a figma comic strip :D
What is Google Summer of Code?
According to the official GSoC website,
Google Summer of Code (GSoC) is a global program focused on bringing more student developers into open source software development. Students work with an open source organization on a 10 week programming project during their break from school.
What does this mean? As a GSoC student, you get to work with cool people on an open source project that you’re interested in learning more about. Instead of picking up miscellaneous GitHub issues, GSoC students have their own independent projects to contribute to. This means that your learning experience is customizable and your contributions are concrete!
, and the experience is undoubtedly unique and special to every one of us. To me, Google Summer of Code was an incredible opportunity where I had the opportunity to learn more about the open source community, apply my knowledge in a meaningful project, and interact with my amazing mentors.
In GSoC 2021, the open source project I am contributing to is called
, under the Cloud Native Computing Foundation (CNCF). The Cloud Native Computing Foundation is one of the most senior community partners in the Google Summer of Code, with many graduated projects including The Update Framework (TUF), Kubernetes, and etcd.
So, what is in-toto?
As software supply chains grow larger and more complex, there is a rising need to protect not only the individual stages of the software development process but also the chain that connects them.
The in-toto framework was created to address this need: it treats the supply chain holistically, so that an attack or vulnerability introduced at one stage cannot silently propagate to everyone further down the pipeline.
in-toto does this in two ways: it increases control and transparency over the steps (a layout declares the steps and the functionaries assigned to carry them out), and it records the “observed” outcome of each step so that it can be compared against the “expected” outcome declared for that step.
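To make the “expected versus observed” idea concrete, here is a small illustration I am adding here; it is my own constructed model and not code from in-toto, in-toto-rs or the rebuilderd integration. A layout names the steps and the functionaries allowed to run them, each step's observed record (what runlib produces) holds hashes of the artifacts it consumed and produced, and verification compares the two. Signatures are replaced by a plain `signed_by` label, the rule syntax is simplified, and the step names, functionaries and artifact bytes are all constructed.

```python
import hashlib

# Constructed model of in-toto's layout/link comparison; NOT the in-toto or
# in-toto-rs API. Signatures are stood in for by a plain "signed_by" label.
def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def record_link(step: str, signer: str, materials: dict, products: dict) -> dict:
    """What runlib does: hash the artifacts a step consumed and produced."""
    return {"name": step, "signed_by": signer,
            "materials": {p: sha256_hex(b) for p, b in materials.items()},
            "products": {p: sha256_hex(b) for p, b in products.items()}}

def verify(layout: dict, links: dict) -> list:
    """Compare each step's observed link with the layout; return violations ([] = chain verifies)."""
    problems = []
    for step in layout["steps"]:
        link = links.get(step["name"])
        if link is None:
            problems.append(f"{step['name']}: no link metadata")
            continue
        if link["signed_by"] not in step["functionaries"]:
            problems.append(f"{step['name']}: unauthorized functionary {link['signed_by']}")
        # MATCH-style rule: a material must be byte-identical to an earlier step's product
        for path, from_step in step["expected_materials"]:
            upstream = links.get(from_step, {}).get("products", {}).get(path)
            if upstream is None or link["materials"].get(path) != upstream:
                problems.append(f"{step['name']}: material {path} does not match {from_step} product")
        # CREATE-style rule: the step must have produced these paths
        for path in step["expected_products"]:
            if path not in link["products"]:
                problems.append(f"{step['name']}: expected product {path} missing")
    return problems

# Constructed layout: alice clones the source, bob builds it from exactly that source.
LAYOUT = {"steps": [
    {"name": "clone", "functionaries": ["alice"],
     "expected_materials": [], "expected_products": ["foo.c"]},
    {"name": "build", "functionaries": ["bob"],
     "expected_materials": [("foo.c", "clone")], "expected_products": ["foo"]},
]}
SRC = b"int main(void) { return 0; }\n"  # constructed artifact
GOOD_LINKS = {
    "clone": record_link("clone", "alice", {}, {"foo.c": SRC}),
    "build": record_link("build", "bob", {"foo.c": SRC}, {"foo": b"\x7fELF-constructed"}),
}
# Tampered chain: the source the builder consumed is not what was cloned.
BAD_LINKS = dict(GOOD_LINKS)
BAD_LINKS["build"] = record_link("build", "bob", {"foo.c": SRC + b"evil();\n"}, {"foo": b"\x7fELF-x"})
```

`verify(LAYOUT, GOOD_LINKS)` returns an empty list, while `verify(LAYOUT, BAD_LINKS)` reports that the build step's `foo.c` material does not match the clone step's product, which is exactly the kind of mid-chain substitution the expected/observed comparison is meant to catch.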
My project: Develop in-toto-rs (Rust) for integration with rebuilderd
Prior to my development, in-toto-rs had been a work-in-progress repository that members of the in-toto team briefly spun off in May 2020, referencing the
). While implementations of this framework in Python and Go already exist, its Rust implementation was still in development.
My GSoC project adds the core module of in-toto (runlib) to its Rust implementation and creates the first use case for the Rust repository (the rebuilderd crate), making the Rust project—and by extension, in-toto—more complete and open for use.