
Linux Foundation

Where Is the GUAC? - Understanding Artifact Composition in Software Supply Chains

Linux Foundation via YouTube

Overview

Explore the Graph for Understanding Artifact Composition (GUAC) in this informative conference talk. Discover how GUAC integrates metadata about software projects, artifacts, and attestations to provide a comprehensive view of the software supply chain. Learn how organizations can leverage GUAC to quickly identify vulnerabilities, determine necessary package updates, and assess their software ecosystem's security. Understand the process of ingesting SBOMs and attestations from various sources into a GraphQL-abstracted graph database. Gain insights into how GUAC utilizes identity information and trust policies to identify counterfactuals and answer critical security queries. Explore the integration of OSV, deps.dev, and Scorecards to enrich the graph with essential information for a complete overview of the software supply chain. Discover how this extensive dataset, combined with GraphQL, enables automated policies to determine artifact authorization for production environments.

Syllabus

Where Is the GUAC? - Parth Patel, Kusari & Mihai Maruseac, Google

Taught by

Linux Foundation
