The Graph for Understanding Artifact Composition (GUAC) has joined the Open Source Security Foundation (OpenSSF) as an incubating project. GUAC provides a tool and underlying API to analyse and visual

InfoQ is a leading online platform for software developers, architects, and technical leaders, providing news, articles, presentations, and interviews on a wide range of topics, including agile practices, DevOps, microservices, and emerging technologies. With a focus on quality content and expert insights, InfoQ helps professionals stay informed about the latest trends, best practices, and industry developments. Developers can learn from real-world experiences, gain  knowledge, and connect with peers in the global software community through InfoQ's diverse and engaging content.

InfoQ

GUAC has joined the OpenSSF as an incubating project. It provides a tool to analyze and visualize software bill of materials (SBOM) and determine vulnerabilities. GUAC supports competing standards for SBOMs and can ingest SLSA attestations. It has applications in establishing connections and compliance, unveiling gaps in the software supply chain, and detecting/responding to threats.

GUAC Joins OpenSSF as Incubating Project