Graph for Understanding Artifact Composition

Software supply chain attacks are on the rise, and it’s hard to know what risks your software faces and how to protect it. Many tools are available to help you generate Software Bills of Materials (SBOMs), signed attestations, and vulnerability reports, but they stop there, leaving you to figure out how they all fit together.

Our Vision

GUAC (Graph for Understanding Artifact Composition) aims to fill in the gaps by ingesting software metadata, like SBOMs, and mapping out relationships between software. When you know how one piece of software affects another, you’ll be able to fully understand your software security position and act as needed.

How can GUAC help you?

  • Proactive: Find the most used critical components in a software supply chain ecosystem
  • Operational: Determine weaknesses in overall security posture
  • Responsive: Prevent software supply chain compromises before they happen