
Google’s GUAC Open Source Tool Centralizes Software Security Metadata

Google today introduced Graph for Understanding Artifact Composition (GUAC), an open source tool for centralizing build, security, and dependency metadata. Developed in collaboration with Kusari, Purdue University, and Citi, the new project is meant to help organizations better understand software supply chains. GUAC aggregates metadata from different sources, including Supply-chain Levels for Software Artifacts (SLSA) provenance, software bills of materials (SBOMs), and vulnerabilities, to provide a more comprehensive view of them. “Graph for Understanding…
