Google has released Graph for Understanding Artifact Composition (GUAC), an open-source tool for centralizing build, security, and dependency metadata.
The new project, created in association with Kusari, Purdue University, and Citi, is intended to help businesses understand their software supply chains. To give a more thorough picture of those supply chains, GUAC gathers metadata from various sources, such as software bills of materials (SBOMs), vulnerabilities, and Supply-chain Levels for Software Artifacts (SLSA).
“Graph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high-fidelity graph database—normalizing entity identities and mapping standard relationships between them,” Google says.