Imagine having the power to proactively address critical vulnerabilities. Before a threat becomes a crisis, what if you could confidently answer the question, “Am I affected, and if so, where?” With Graph for Understanding Artifact Composition (GUAC), you can. Open Source Security Foundation (OpenSSF) Incubating Project GUAC is a software supply chain observability tool. It ingests software security metadata and stores it in a persistent graph database to query for consolidated information about your software. In this Tech Talk, you will meet the GUAC maintainers as they cover the project and its recent release, roadmap plans, and how you can contribute. Cybersecurity threats are constantly and quickly changing, but GUAC can help you stay ahead.
TECH TALK
OpenSSF Tech Talk: Proactive Supply Chain Security with GUAC
Thursday, June 6 | 10:00AM PT
The GUAC Tech Talk will discuss:
- Ingests SBOMs, SLSA attestations, vulnerability reports, VEX, OpenSSF Scorecard, and more and store the data using PostgreSQL
- Identifies the “blast radius” so you can determine the potential impact of a vulnerability and devise a tailored patch plan
- Maps threats to determine your risk, and thus minimize the window of exposure
Speakers:
David A. Wheeler (Moderator)
Director of Open Source Supply Chain Security, Linux Foundation
Brandon Lum,
Open Source Security Engineer, Google
Parth Patel
CPO/Co-Founder, Kusari