GUAC gives you directed, actionable insights into the security of your software supply chain

Software supply chain attacks are on the rise and it’s hard to know what your software is at risk for and how to protect it. Many tools are available to help you generate Software Bills of Materials (SBOMs), signed attestations, and vulnerability reports, but they stop there, leaving you to figure out how they all fit together.

GUAC illustration

Our vision

GUAC (Graph for Understanding Artifact Composition) aims to fill in the gaps by ingesting software metadata, like SBOMs, and mapping out relationships between software. When you know how one piece of software affects another, you’ll be able to fully understand your software security position and act as needed.

What does GUAC do?

Establishes connections between your software catalog
Unveils gaps in the software supply chain data using other data sources
Identifies threats in your supply chain and provides a path to remediation

How can GUAC help you?


Find the most used critical components in a software supply chain ecosystem


Find weaknesses in overall security posture


Prevent supply chain compromises before they happen

GUAC came along as an open-source software at the right time helping us pivot away from building a bespoke solution and involving ourselves with the best minds behind the project. The value we see with GUAC is its flexibility and plugin architecture leading up to helping the users achieve compliance at different levels. The biggest benefit of GUAC has been producing it in the open with a widespread community behind it, from Google to Kusari and others. As the industry progresses, the threats to the software supply chain will become more complex, and relying on a tool backed by people with many years of experience in the area would make things easier for Guidewire to consume.

Anoop Gopalakrishnan
Vice President Of Engineering at Guidewire Software

Want to have a conversation about your software supply chain?

We’d love to hear from you.  Get in touch and we'll get back to you.

Say Hello
By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.