Welcome to the GUAC Update, a monthly review of what has happened in the GUAC community and what’s coming up. If you have feedback, please let us know. To include something in next month’s update, leave a comment in the issue.
We’re putting the final touches on the GUAC 1.0 release. Plus, we’re working on merging with the Trustify project to create a unified effort to address the challenges of consuming, processing, and utilizing supply chain security metadata at scale. Stay tuned for updates.
Community
New contributors
- Brian Demers fixed the download links for Apple silicon in the Docs.
Events
Ben Cotton presented How to Use The Open Source Project Security Baseline to Better Navigate Standards & Regulations as an OpenSSF Tech Talk on 24 April.
Several members of the GUAC community will be presenting at Open Source Summit North America in Denver:
- Mihai Maruseac will take part in “Panel Discussion: Strengthening Software Supply Chains: Harmonizing SLSA Provenance and SPDX SBOM for Better Adoption”
- Brandt Keller will present “[Enhancing Supply Chain Security: Integrating Zarf and GUAC for Seamless SBOM Generation and Delivery](https://openssfcdna2025.sched.com/event/1zhnb)” at OpenSSF Community Day
- Mihai Maruseac will present “Taming the Wild West of ML: Practical Model Signing With Sigstore on Kaggle” at OpenSSF Community Day
Coming up
Be sure to join us in the weekly Maintainer Meetings, monthly Community Meeting, or on Slack and office hours to participate in the conversation.