guac

GUAC aggregates software security metadata into a high fidelity graph database. (by guacsec)

Guac Alternatives

Similar projects and alternatives to guac

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better guac alternative or higher similarity.


guac reviews and mentions

Posts with mentions or reviews of guac. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-07-08.
  • Rye: A Hassle-Free Python Experience
    11 projects | news.ycombinator.com | 8 Jul 2024
    You have a lot of firms that are shifting to you, and one of the things that comes up is SBOM generation for ingestion into tools like guac.

    https://guac.sh/

    Your recently added ability to unpin dependencies so devs are more encouraged to stay compatible as they dev, then generate a correct explicit requirements.txt for reproducibility, makes both vuln management and the SBOM step a far easier thing than poetry etc.

    Thank you!

    For similar reasons, we use https://hatch.pypa.io/latest/why/ and appreciate that it plays nicely with `uv`.

  • Double-Entry Bookkeeping as a Directed Graph
    5 projects | news.ycombinator.com | 10 Apr 2024
    Interestingly I sort of went in the other direction at one point -- converting what was obviously a graph (build pipelines) into a from-to / credit-debit representation. On reflection it's just an edge list.

    My main problem with adapting the representation was in the incommensurability of different kinds of asset moving through the pipeline. How does one credit source code and debit a blob store? I thought about learning more about multi-currency accounting as a source for ideas but never followed it up.

    That effort inspired my thinking about a "Universal Asset Graph" for software[0] -- keeping track of not just containment but also movement and transformation of software. It's a partial but not complete inspiration for GUAC, which aims to capture software part relations for easy querying.

    [0] https://theoryof.predictable.software/articles/some-requirem...

    [1] https://guac.sh

  • Python 3.12.0 from a supply chain security perspective
    5 projects | news.ycombinator.com | 5 Oct 2023
    > biggest takeaway from this article is the Supply chain Levels for Software Artifacts (SLSA) security framework

    See also GUAC from Kusari, Google, Citi, and others:

    “GUAC (Graph for Understanding Artifact Composition) aims to fill in the gaps by ingesting software metadata, like SBOMs, and mapping out relationships between software. When you know how one piece of software affects another, you’ll be able to fully understand your software security position and act as needed.”

    https://guac.sh

    https://www.kusari.dev

  • Guac
    1 project | news.ycombinator.com | 22 Oct 2022
  • guac: Graph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high fidelity graph database—normalizing entity identities and mapping standard relationships between them
    1 project | /r/blueteamsec | 20 Oct 2022

Stats

Basic guac repo stats
5
1,255
9.7
7 days ago

guacsec/guac is an open source project licensed under Apache License 2.0 which is an OSI approved license.

The primary programming language of guac is Go.

