GUAC 1.0 Released

By

The tool helps map relationships between software.

The GUAC project has released GUAC 1.0 with enhancements to core functionality and new experimental features.

GUAC – which stands for “Graph for Understanding Artifact Composition” – is an OpenSSF incubating project that “aggregates software security metadata into a high fidelity graph database” to provide greater insight into the software supply chain.

According to the announcement, “GUAC collects and stores SBOMs from file systems, object storage, image repositories, and code repositories. After ingesting the SBOM, GUAC parses it into a graph database, which allows the user to evaluate relationships between software packages, binaries, and container images.”

Visit the GUAC website and view the changelog for more details.
 
 

 
 
 

06/30/2025

Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs



Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>
	</a>

<hr>		    
			</div>
		    		</div>

		<div class=