Welcome to the GUAC Update, a monthly review of what has happened in the GUAC community and what’s coming up. If you have feedback, please let us know. To include something in next month’s update, leave a comment in the issue.
We’re putting the final touches on the GUAC 1.0 release.
As part of that, the Helm charts developed by Kusari are now in the guacsec organization.
The CNCF is looking at using GUAC to gain insights into the software supply chain across its wide portfolio of projects. We’re excited to work with them on this.
Community
New contributors
- Maximilian Combüchen fixed handling of empty package namespaces in GUAC Visualizer.
Events
Several members of the GUAC community will be presenting at Open Source Summit North America in Denver:
- Mihai Maruseac will be part of the panel “Panel Discussion: Strengthening Software Supply Chains: Harmonizing SLSA Provenance and SPDX SBOM for Better Adoption”
- Brandt Keller will present “Enhancing Supply Chain Security: Integrating Zarf and GUAC for Seamless SBOM Generation and Delivery” at OpenSSF Community Day
- Mihai Maruseac will present “Taming the Wild West of ML: Practical Model Signing With Sigstore on Kaggle” at OpenSSF Community Day
Coming up
Be sure to join us in the weekly Maintainer Meetings, monthly Community Meeting, or on Slack and office hours to participate in the conversation.