guac
guac copied to clipboard
guacsec
GUAC aggregates software security metadata into a high fidelity graph database.
**Is your feature request related to a problem? Please describe.** `IsDependency` nodes contain a justification explaining why they were created, but they are string justifications that look like "Derived from...
When a digest is available for the subject of an SBOM, the `HasSbom` node should be attached to an `Artifact` corresponding to that digest, and then an `IsOccurrence` should link...
# Description of the PR Add `--search-depth` parameter to allow recursive search for query known, will default to 0 which will recursively query max depth. In addition, added `SUBJECT` to...
GUAC with graphql is currently great at handling complicated use cases like when you want to compare multiple artifacts or run complex queries. However, it's a bit of overkill when...
**Is your feature request related to a problem? Please describe.** I was working with GUAC and ingested a provenance file, and then tried to ingest an associated SPDX SBOM. The...
When recursive queries were added to `guacone query known` (#1692), the output becomes very verbose, and table form readability is affected. The output should perhaps be formatted in a different...
[bug] Update docs to reflect new guacone query known recursive implementation with new output format
Docs need to be updated before new release to reflect https://github.com/guacsec/guac/pull/1692
**Is your feature request related to a problem? Please describe.** Currently, we are using our [own version to attest to vulnerability](https://github.com/guacsec/guac/blob/main/pkg/certifier/attestation/attestation_vuln.go) information. A [formal vulnerability predicate](https://github.com/in-toto/attestation/blob/main/spec/predicates/vuln.md) has been created by...
**Is your feature request related to a problem? Please describe.** As brought up during the GUAC community meeting, it would be nice to have a pre-ingested GUAC instance so that...
Do not overwrite collectors https://github.com/guacsec/guac/blob/7176dec30b6040d81df8b72c934c23fae6432c8c/pkg/handler/collector/collector.go#L59-L67 re your [comment](https://github.com/guacsec/guac/pull/1500#issuecomment-1846097866) on this breaking things - is this behavior of overriding being used anywhere besides in tests? My initial thought is to add...
