guac
GUAC aggregates software security metadata into a high fidelity graph database.
Identities should be considered separate from any given key material, as it's potentially a many-to-many situation. One identity might have multiple keys and one key might be potentially...
Collectors that obtain documents need somewhere to emit them to. The processor, which is the next part of the pipeline, needs to gather the documents and process them. There are...
We agreed that in the long term, the ingestor would need to have a way to communicate information up/down the tree in order to make edges and annotations between the...
We've currently only tried our parser on outputs from Syft and SLSA of the k8s community. We encourage folks to try out new sources and different documents, the findings can...
We have a hard requirement to not use GPL software. Is it possible to use a different graph db like ArangoDB, which has an Apache license?
More details: https://github.com/guacsec/guac/issues/169#issuecomment-1302558947 (opened by @electricgull)
Apologies if I've misunderstood the terminology, but I was playing around trying to import some of my own CycloneDX SBOMs and it led me to the [test](https://github.com/guacsec/guac/blob/4dacd03774fa368e173fddc47042f10523722115/pkg/ingestor/parser/cyclonedx/parser_cyclonedx_test.go#L49) for the parser,...
Based on conversations with @halcyondude at KubeCon and previously, there was a lot of work done from CNCF TAG Observability around representing inventory and assets in a graph database. There...
While writing some tests, having the ability to have more granular database queries is very helpful! However, the issue it brings about is that this muddles the abstraction of the...
[Deps.dev](https://deps.dev/) has a lot of existing data crawled from open source packages. We'd ideally be able to utilize the information available there to perform analysis and aggregation. There are...