GUAC's 2024 in review

Ben Cotton

31 Jan 2025

2024 was a big year for GUAC, from becoming an OpenSSF incubating project in March to mentions in three KubeCon NA keynotes in November. What happened in between?

Community

The community is the lifeblood of any open source project, and GUAC is no different. 33 people attended at least one of the monthy community meetings. We also saw a 23% increase in members of the #GUAC channel on the OpenSSF Slack.

GUAC welcomed many new contributors in 2024. According to Cauldron.io data, new contributors represented 62% of commit authors, 66% of issue authors, and 55% of issue authors. Several of those new contributors have advanced up the contributor ladder, along with contributors who were here before:

  • Dejan Bosanac was granted Reviewer status for the Backend area.
  • Marco Rizzi was granted Owner status for the Backend area.
  • Robbie Cronin was granted Reviewer status for the CLI and Collectors areas.
  • Nathan Naveen was granted Reviewer status for the CLI area.
  • Ben Cotton was granted Owner status for the Website and Docs areas.

Not only did we grow the community in 2024, we also grew our community infrastructure and communication. The weekly maintainer meetings are now public, with recordings on YouTube and notes in the governance repo. The monthly community calls are now also posted to YouTube with notes in the governance repo.

In order to better share news with the broader community, we started publishing monthy GUAC update blog posts and now our first year-in-review post.

Development and releases

Development work was pretty steady for most of the year, with a big increase at the end of the year. This was due to new contributors as well as new interest driven by the KubeCon keynote mentions.

Line graph of daily commits in 2024

With all of the new interest, we saw a corresponding increase in issues opened. Fortuntely, we were able to still be faster at closing issues than in the earlier part of the year.

Graph showing a decrease in median time to close issues

We had, by my count, 23 releases of GUAC in 2024, starting with GUAC v0.4.0 and ending with v0.12.3. Along the way, we added a bunch of new features:

  • A key-value backend used for demos and testing
  • A REST API
  • Metrics publication via Prometheus (OpenTelemetry support was added in early 2025)
  • Persistent storage via Ent and PostgreSQL
  • A ClearlyDefined certifier to add license information
  • An certifier for endoflife.date to add support period information
  • A collector for OCI container registries

Of course, we’ve also done a significant number of performance improvements and bug fixes.

The GUAC Visualizer also had two releases. These added an information pane to see more data about the selected package. We also reduced the container image size significantly.

Forward to 2025

We start 2025 looking at final items for a 1.0 release. Discussions are underway for a new architecture that will allow GUAC to provide easier answers to the basic questions while still being powerful enough for deeper analysis. We hope to see you around the [community]/community/.

Tags: guac-update | community