guac
GUAC aggregates software security metadata into a high fidelity graph database.
Signed-off-by: pxp928 Adds vulnerability certifier parser that generates the package node, attestation node, and vulnerability nodes based on the vulnerability attestation defined. The package node is merged into the existing...
While working with some CDX SBOMs, we were faced with some entries where PURLs were not available (ref: https://github.com/guacsec/guac/issues/236). Additional discussion is needed to ensure that we are able to...
As with https://github.com/guacsec/guac/issues/236, we saw a bug where a parser was allowed to create a GuacNode/Edge without filling up an identifier.
Add ability for GUAC to add document locator URIs so that users are able to retrieve the evidence documents to evaluate/audit if they are made publicly available. This could be...
Design and develop a GUAC API to query vulnerability information in a useful way for policy making and insights (e.g. What artifacts/packages depend on a particular library (e.g. log4j)) Depends...
While trying guac with a CycloneDX SBOM I found that no edges are being created. To make sure this is a reproducible case you could run the following commands to...
Design and develop an OSV certifier that will be able to create attestations on artifacts in GUAC such that they are usable for vulnerability queries
Evaluate the scalability of GUAC queries based on how much data we are expecting to ingest and be available within the next few years. This issue should include: - sizing...
Today, source information data is stored in the GUAC database as a string field. However, there is a possibility that a node or an edge is populated from multiple sources. There needs...