This episode is about GUAC, which stands for Graph for Understanding Artifact Composition, is an open-source tool that helps software developers understand their software supply chain. By creating a database of software packages and their dependencies, GUAC can identify potential vulnerabilities and trace the path of those vulnerabilities through the supply chain. This allows developers to quickly understand which of their packages are affected and take action to mitigate those risks. The GUAC ecosystem includes a command-line interface, a visualizer (under development), and a GraphQL API for querying data. The source provides a demo that showcases GUAC's features, including identifying vulnerabilities and marking packages as malicious.
Podcast:
https://kabir.buzzsprout.com
YouTube:
https://www.youtube.com/@kabirtechdives
Please subscribe and share.
11/01/24 • 18 min
6 Listeners
Generate a badge
Get a badge for your website that links back to this episode
<a href="https://goodpods.com/podcasts/kabirs-tech-dives-594483/guac-for-startups-software-supply-chain-77508314"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to guac for startup's software supply chain on goodpods" style="width: 225px" /> </a>
Copy