This episode is about GUAC, which stands for Graph for Understanding Artifact Composition, is an open-source tool that helps software developers understand their software supply chain. By creating a database of software packages and their dependencies, GUAC can identify potential vulnerabilities and trace the path of those vulnerabilities through the supply chain. This allows developers to quickly understand which of their packages are affected and take action to mitigate those risks. The GUAC ecosystem includes a command-line interface, a visualizer (under development), and a GraphQL API for querying data. The source provides a demo that showcases GUAC's features, including identifying vulnerabilities and marking packages as malicious.

Send us a text

Support the show

Podcast:
https://kabir.buzzsprout.com


YouTube:
https://www.youtube.com/@kabirtechdives

Please subscribe and share.