Google's GUAC Open Source Tool Centralizes Software Security Metadata

Google today introduced Graph for Understanding Artifact Composition (GUAC), an open source tool for centralizing build, security, and dependency metadata.
Developed in collaboration with Kusari, Purdue University, and Citi, the new project is meant to help organizations better understand software supply chains.
read more