Transity VS guac

I've been preaching to use a simpler accounting system for years and even built my own tool for it: https://github.com/ad-si/Transity

But so far with little success. I think I’m the only active user of Transity.

might be interesting to someone here: while researching this i found a PTA program called Transity (blog, github) by /u/adwolesi (i'm not affiliated with them). Transity's model allows having multiple entities transferring stuff between each other which sounds useful for this kind of thing, though i don't really like how the YAML format looks.

Interestingly I sort of went in the other direction at one point -- converting what was obviously a graph (build pipelines) into a from-to / credit-debit representation. On reflection it's just an edge list.

My main problem with adapting the representation was in the incommensurability of different kinds of asset moving through the pipeline. How does one credit source code and debit a blob store? I thought about learning more about multi-currency accounting as a source for ideas but never followed it up.

That effort inspired my thinking about a "Universal Asset Graph" for software[0] -- keeping track of not just containment but also movement and transformation of software. It's a partial but not complete inspiration for GUAC, which aims to capture software part relations for easy querying.

[0] https://theoryof.predictable.software/articles/some-requirem...

[1] https://guac.sh

> biggest takeaway from this article is the Supply chain Levels for Software Artifacts (SLSA) security framework

See also GUAC from Kusari, Google, Citi, and others:

“GUAC (Graph for Understanding Artifact Composition) aims to fill in the gaps by ingesting software metadata, like SBOMs, and mapping out relationships between software. When you know how one piece of software affects another, you’ll be able to fully understand your software security position and act as needed.”

https://guac.sh

https://www.kusari.dev