Announcement for the GUAC v0.1 beta release
Tim Miller
24 May 2023
Kusari is excited to announce the v0.1 beta release of GUAC — Graph for Understanding Artifact Composition. This open-source tool, created in partnership with Google and with valuable input from Purdue University and Citi, is set to change the game in software supply chain analysis.
Tags: releases
Announcing GUAC, a great pairing with SLSA (and SBOM)!
Brandon Lum, Mihai Maruseac, Isaac Hepworth
20 Oct 2022
Supply chain security is at the fore of the industry’s collective consciousness. We’ve recently seen a significant rise in software supply chain attacks, a Log4j vulnerability of catastrophic severity and breadth, and even an Executive Order on Cybersecurity.
A high fidelity view of software supply chain
20 Oct 2022
Understanding and maintaining your software supply chain can be a task that needs 24/7 vigilance. The recent Sonatype report, State of the Software Supply Chain, has shown that supply chain attacks are on the rise (742% average annual increase in the past 3 years). Combined with the fact that 6 out of the 7 project vulnerabilities come from transitive dependencies, this leaves the industry in desperate need of a clear, holistic understanding of the software supply chain.