Welcome to the GUAC Update, a monthly review of what has happened in the GUAC community and what’s coming up. If you’re a regular reader, you may have noticed a change in the naming convention: GUAC Update posts are now (and retroactively) titled based on the month they’re about, not the month they publish. We had some feedback that the old pattern was confusing, so this will hopefully make it more clear. If you have other feedback, please let us know. To include something in next month’s update, leave a comment in the issue.
Contributor ladder climbs
The GUAC Maintainers approved several advancements up the contributor ladder in recognition of the hard work done by our community members:
- Robbie Cronin was granted Reviewer status for the CLI and Collectors areas.
- Nathan Naveen was granted Reviewer status for the CLI area.
- Ben Cotton was granted Owner status for the Docs area.
Thanks to these contributors and everyone else who participate in the GUAC community.
Releases
We closed the year strong in GUAC, with several releases. The highlight is GUAC v0.12.0, which added a certifier that records end-of-life information from endoflife.date and a collector for OCI container registries. In addition, the GUAC Visualizer has a much smaller container image and also displays the version of GUAC it is connected to.
Events
Several members of the GUAC community will be speaking at FOSDEM in Brussels:
- Brandon Lum and Marco Deicas will present A retrospective on Google’s SBOM implementation
- Jeff Mendoza and Qing Tomlinson will present Discover Dependency License Information Using SBOMs and ClearlyDefined
- Michael Lieberman will present The Breadth and Depth of SBOMs
Coming up
Be sure to join us in the weekly Maintainer Meetings, monthly Community Meeting, or on Slack and office hours to participate in the conversation.