https://guac.sh/blog/Recent content in GUAC Blog on guacHugoen-usFri, 13 Mar 2026 00:00:00 +0000https://guac.sh/blog/2026-03-13-guac-v1.1.0/Fri, 13 Mar 2026 00:00:00 +0000https://guac.sh/blog/2026-03-13-guac-v1.1.0/GUAC v1.1.0 is now available. Enhancements This release adds support, contributed by Brandt Keller, for configurable TLS verification settings on the OCI collectors. This is allows for prototyping and deployments with otherwise insecure registries. It also supports specifying a port in the address of a registry endpoint. In addition, the Dockerfile for ent migrations now uses a local user instead of root. Fixes The new release contains a fix, contributed by Paul Joseph and Shreyas Pandya, to gracefully handle unknown scores when ingesting vulnerabilities instead of failing to ingest.https://guac.sh/blog/2026-01-09-guac_update/Fri, 09 Jan 2026 00:00:00 +0000https://guac.sh/blog/2026-01-09-guac_update/Welcome to the GUAC Update, a monthly review of what has happened in the GUAC community and what’s coming up. If you have feedback, please let us know. To include something in next month’s update, leave a comment in the issue. Releases guac-visualizer v0.6.1 included a fix for CVE-2025-66478 in next.js. trustify v0.4.5 included several fixes. Community New contributors Stas Semeniuk contributed to trustify-ui Pavel Sedlák contributed to trustify Irena Liu contributed to GUAChttps://guac.sh/blog/2025-12-05-guac_update/Fri, 05 Dec 2025 00:00:00 +0000https://guac.sh/blog/2025-12-05-guac_update/Welcome to the GUAC Update, a monthly review of what has happened in the GUAC community and what’s coming up. If you have feedback, please let us know. To include something in next month’s update, leave a comment in the issue. Releases Trustify 0.4.3 Trustify 0.4.4 Community The GUAC Maintainers Meeting is every-other-week. You can always find the most up-to-date time and location of meetings on the OpenSSF Calendar. Of course, the GUAC public slack channel is always open.https://guac.sh/blog/2025-11-07-guac_update/Fri, 07 Nov 2025 00:00:00 +0000https://guac.sh/blog/2025-11-07-guac_update/Welcome to the GUAC Update, a monthly review of what has happened in the GUAC community and what’s coming up. If you have feedback, please let us know. To include something in next month’s update, leave a comment in the issue. Releases Trustify 0.4.1 adds a REST API endpoint for recommended pURLS, along with many other features. Community The GUAC Maintainers Meeting is now every-other-week instead of weekly. You can always find the most up-to-date time and location of meetings on the OpenSSF Calendar.https://guac.sh/blog/2025-11-03-meeting_change/Mon, 03 Nov 2025 00:00:00 +0000https://guac.sh/blog/2025-11-03-meeting_change/The GUAC Maintainer Meeting is switching from a weekly schedule to bi-weekly. The next meeting will be Monday 17 November. We’re making this switch to better respect people’s time as the meeting agendas have become smaller after the GUAC 1.0 release and Trustify merger. You can always find the most up-to-date time and location of meetings on the OpenSSF Calendar. Of course, the GUAC public slack channel is always open.https://guac.sh/blog/2025-10-28-trustify-v0.4.1/Tue, 28 Oct 2025 00:00:00 +0000https://guac.sh/blog/2025-10-28-trustify-v0.4.1/Trustify v0.4.1 is now available. This release provides a new recommendations API endpoint for PURLs to suggest updated package versions and related vulnerability remediations. The new release also includes the features in the v0.4.0 release from earlier this month: Enhanced SBOM Correlation: Improved correlation for SBOMs, especially those without CPEs Advanced License Filtering: New filtering capabilities for SBOMs, PURLs, and a dedicated license list endpoint Performance and Memory Improvements: Analysis memory consumption has been reduced by approximately 15%, and caching has been improved Expanded Vulnerability Scores: Now includes scores from CVSSv4 and CVSSv2 Storage and GC Enhancements: Added a garbage collection endpoint and improved the deletion process for SBOMs and advisories Join us If you’re interested in joining our community or contributing, we’d love to have you.https://guac.sh/blog/2025-10-03-guac_update/Fri, 03 Oct 2025 00:00:00 +0000https://guac.sh/blog/2025-10-03-guac_update/Welcome to the GUAC Update, a monthly review of what has happened in the GUAC community and what’s coming up. If you have feedback, please let us know. To include something in next month’s update, leave a comment in the issue. With the addition of Trustify, the community has grown quite a bit. Releases GUAC v1.0.1 includes several bug fixes and dependency updates trustify v0.3.6 adds support for deletions and fixes several bugs Community New contributors Shreyas Pandya fixed a bug in GUAC Vilém Obrátil contributed tests to trustify-ui Matěj Nesuta made improvements to the trustify-ui CI workflow Coming up Be sure to join us in the weekly Maintainer Meetings or on Slack to participate in the conversation.https://guac.sh/blog/2025-09-26-guac-v1.0.1/Fri, 26 Sep 2025 00:00:00 +0000https://guac.sh/blog/2025-09-26-guac-v1.0.1/GUAC v1.0.1 is now available. This patch release largely updates dependencies. It also fixes a bug where an ingestor process could hang when encountering a read error from the NATS pub-sub service. This bug fix was contributed by Shreyas Panyda. Join us If you’re interested in joining our community or contributing, we’d love to have you.https://guac.sh/blog/2025-09-05-guac_update/Fri, 05 Sep 2025 00:00:00 +0000https://guac.sh/blog/2025-09-05-guac_update/Welcome to the GUAC Update, a monthly review of what has happened in the GUAC community and what’s coming up. If you have feedback, please let us know. To include something in next month’s update, leave a comment in the issue. Releases guac-visualizer v0.6.0 was released which includes GQL updates for recent GUAC releases and various bug fixes. Community The big news is that Trustify has joined the GUAC community. Check out the newly-reconfigured website and docs!https://guac.sh/blog/2025-08-25-guac_plus_trustify/Mon, 25 Aug 2025 00:00:00 +0000https://guac.sh/blog/2025-08-25-guac_plus_trustify/The superpower of open source is multiple people working together on a common goal. That works for projects, too. GUAC and Trustify are two projects bringing visibility to the software supply chain. Today, they’re combining under the GUAC umbrella. With Red Hat’s contribution of Trustify to the GUAC project, the two combine to create a unified effort to address the challenges of consuming, processing, and utilizing supply chain security metadata at scale.