GUAC 1.0 Released
The GUAC project has released GUAC 1.0 with enhancements to core functionality and new experimental features.
GUAC – which stands for “Graph for Understanding Artifact Composition” – is an OpenSSF incubating project that “aggregates software security metadata into a high fidelity graph database” to provide greater insight into the software supply chain.
According to the announcement, “GUAC collects and stores SBOMs from file systems, object storage, image repositories, and code repositories. After ingesting the SBOM, GUAC parses it into a graph database, which allows the user to evaluate relationships between software packages, binaries, and container images.”
Visit the GUAC website and view the changelog for more details.
06/30/2025