GUAC - Open Source Security Foundation

Graph for Understanding Artifact Composition

Software supply chain attacks are on the rise and it’s hard to know what your software is at risk for and how to protect it. Many tools are available to help you generate Software Bills of Materials (SBOMs), signed attestations, and vulnerability reports, but they stop there, leaving you to figure out how they all fit together.

Our Vision

GUAC (Graph for Understanding Artifact Composition) aims to fill in the gaps by ingesting software metadata, like SBOMs, and mapping out relationships between software. When you know how one piece of software affects another, you’ll be able to fully understand your software security position and act as needed.

How can GUAC help you?

Proactive Find the most used critical components in a software supply chain ecosystem
Operational Determine weaknesses in overall security posture
Responsive Prevent software supply chain compromises before they happen

Website

GitHub

Copyright © 2024 The Linux Foundation® . All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use.

Graph for Understanding Artifact Composition

Our Vision

How can GUAC help you?

Subscribe to the OpenSSF Mailing List!

Get the latest announcements, event info, and the community news in your inbox.