GUAC 1.0 Released
The GUAC project has released GUAC 1.0 with enhancements to core functionality and new experimental features.
GUAC – which stands for “Graph for Understanding Artifact Composition” – is an OpenSSF incubating project that “aggregates software security metadata into a high fidelity graph database” to provide greater insight into the software supply chain.
According to the announcement, “GUAC collects and stores SBOMs from file systems, object storage, image repositories, and code repositories. After ingesting the SBOM, GUAC parses it into a graph database, which allows the user to evaluate relationships between software packages, binaries, and container images.”
Visit the GUAC website and view the changelog for more details.
06/30/2025
Related content
-
Trivy security scanner
The Trivy open source tool provides information on container and software security. - How to Use an SBOM
-
Security and automation with SBOMs
Already mandatory in the United States and recently approved in Europe thanks to new legislation, a software bill of materials provides information about software components, enabling IT managers to respond better to attacks and vulnerabilities. -
Exploring the AlmaLinux Build System
The AlmaLinux Build System lets you build, test, sign, and release packages from a single interface. -
How graph databases work
Graph databases excel at revealing the relationships among different but related sets of data.