Cloud Native Live: GUAC 101: Dip into the Delicious World of Software Supply Chain Security

CNCF Online Programs

Jun 11, 4:00 – 5:00 PM

Virtual event

About this event

Remember Log4j? What if next time, before the threat becomes a crisis, you could confidently answer the question, "Am I affected, and if so, where?"

With GUAC, you can.

GUAC - Graph for Understanding Artifact Composition - is a supply chain observability tool. It ingests software security metadata and stores it in a persistent graph database. This includes SBOMs, SLSA attestations, vulnerability reports, Vulnerability Exploitability eXchange (VEX) documents, OpenSSF Scorecards, and other sources. Users can then conduct fast and accurate queries against the data to identify potential risks and devise effective remediation plans.

In this livestream, get a taste of the cool things you can do with GUAC and learn how you can get involved. Together, we can safeguard software supply chains. See you there!


  • Ben Cotton, Community Leader