GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains
2023-05-25 05:45

Google on Wednesday announced the 0.1 Beta version of GUAC for organizations to secure their software supply chains.

GUAC aims to aggregate software security metadata from different sources into a graph database that maps out relationships between software, helping organizations determine how one piece of software affects another.

"Graph for Understanding Artifact Composition gives you organized and actionable insights into your software supply chain security position," Google says in its documentation.

"GUAC ingests software security metadata, like SBOMs, and maps out the relationship between software so that you can fully understand your software security position."

In other words, it's designed to bring together Software Bill of Materials documents, SLSA attestations, OSV vulnerability feeds, deps.

"This enables the to easily create a policy to forbid use of any software from within the blast radius."


News URL

https://thehackernews.com/2023/05/guac-01-beta-googles-breakthrough.html