guac
GUAC aggregates software security metadata into a high fidelity graph database.
Opening this issue to discuss what are the important features that need to be added or stabilized in order for a 1.0 release for GUAC. Based on initial feedback: -...
Hi folks, I have written up a design proposal for representing legal information in GUAC verb/noun nodes: https://docs.google.com/document/d/1NmLlU5wuP2X9CK7QCWZkkOciNn1QFLKQCFCW9CEI8HQ/edit?usp=sharing It covers the proposed nodes and the attributes they will have. Also,...
**Is your feature request related to a problem? Please describe.** Currently the backend used with docker compose is in memory and is started with `docker compose up`, to switch from...
**Describe the bug** There is a mismatch in the backends (inmem, ent and arango) on how the various timestamp fields are stored. Some are stored as UTC() while others are...
**Summary** In some calls to the deps.dev [`GetProject`](https://docs.deps.dev/api/v3alpha/#getproject) endpoint, the source repository argument is malformed. The arguments have a `.git` suffix, which is not expected by that endpoint. **More Detail**...
**Is your feature request related to a problem? Please describe.** During the last office hour, with @lumjjb and @mlieberman85, we discussed "Community parsers". Companies create both SBOM and VEX files...
**Is your feature request related to a problem? Please describe.** When importing files, like an SPDX, including unsupported purl types, the ingestion fails with a message like: ``` unable to...
**Is your feature request related to a problem? Please describe.** Today, GUAC supports collection from OCI artifacts via fallback artifacts and, soon, OCI referrers (#1277). Another way that supply chain...
Create a dashboard or testing tracker in CI to show what predicates are supported in a backend - it would be nice to have this be part of CI and...
The assembler code ingests all nouns first from a set of ingest predicates before any verbs. In case of a bug in the ingestor, or some direct GraphQL calls, backends...