Version 0.4.5 of the experimental GUAC Visualizer is now available. The GUAC Visualizer is a utility for interacting with GUAC services: it lets you visualize the software supply chain graph and explore the supply chain.
The main change in version 0.4.5 is the addition of a new window that displays known information about a package. This package information box, contributed by Shafee Ahmed, gives you quick access to information about a package’s vulnerabilities, SBOM source, and SLSA attestations.
This release also includes an update of the GraphQL schema to work with recent GUAC releases, plus a few other minor fixes and dependency updates. See the GitHub release page for a full list of changes. It includes first-time contributions to the GUAC Visualizer from:
If you paid close attention to the GUAC Visualizer, you might have noticed that the previous release was version 0.3.1. What happened in between? Several changes in the build pipeline were necessary due to changes in the tools we use. Versions 0.4.0 through 0.4.4 were part of the diagnosis and remediation of build pipeline issues. As part of this work, we’ve now created a CI build workflow that runs a build on all pull requests. This is a common practice and will help us catch some issues earlier.
We’d love your help with GUAC Visualizer. See the “help wanted” or “good first issue” tags in GitHub for suggestions.