Commit
Merge pull request #39 from funnelfiasco/issue35-blog_multifile
Split the blog from a single file to multiple
Showing 20 changed files with 272 additions and 183 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
--- | ||
title: Announcing GUAC, a great pairing with SLSA (and SBOM)! | ||
date: 2022-10-20 | ||
authors: ["Brandon Lum", "Mihai Maruseac", "Isaac Hepworth"] | ||
include_footer: true | ||
--- | ||
|
||
Supply chain security is at the fore of the industry’s collective consciousness. | ||
We’ve recently seen a significant rise in software supply chain attacks, a Log4j | ||
vulnerability of catastrophic severity and breadth, and even an Executive Order | ||
on Cybersecurity. | ||
|
||
<a href="https://security.googleblog.com/2022/10/announcing-guac-great-pairing-with-slsa.html" class="button">Read | ||
the full post on the Google Security Blog</a> | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
--- | ||
title: A high fidelity view of software supply chain | ||
date: 2022-10-20 | ||
include_footer: true | ||
--- | ||
|
||
Understanding and maintaining your software supply chain can be a task that needs 24/7 vigilance. | ||
The recent report from Sonatype: State of the Software Supply Chain has shown that supply chain attacks are on the rise (742% average annual increase in the past 3 years). | ||
Along with the fact that 6 out of the 7 project vulnerabilities come from transitive dependencies, the industry is in desperate need of having a clear, holistic understanding of the software supply | ||
chain. | ||
|
||
<!-- Blog post no longer exists | ||
<a href="https://www.kusari.dev/blog/announcement_guac/" class="button">Read the full post on Kusari</a> | ||
--> |
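Review bot: The front matter of this post has no `authors` key, while the other posts added in this commit set one; add it, or confirm the template handles a post without authors. With the only link commented out as "Blog post no longer exists", the teaser also ends with nowhere to send the reader; consider linking an archived copy or dropping the HTML comment.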
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
--- | ||
title: Announcing the launch of GUAC v0.1 | ||
authors: ["Brandon Lum", "Mihai Maruseac"] | ||
date: 2023-05-24 | ||
include_footer: true | ||
--- | ||
|
||
Today, we are announcing the launch of the v0.1 version of Graph for Understanding Artifact Composition (GUAC). | ||
Introduced at Kubecon 2022 in October, GUAC targets a critical need in the software industry to understand the software supply chain. | ||
In collaboration with Kusari, Purdue University, Citi, and community members, we have incorporated feedback from our early testers to improve GUAC and make it more useful for security professionals. | ||
This improved version is now available as an API for you to start developing on top of, and integrating into, your systems. | ||
|
||
<a href="https://security.googleblog.com/2023/05/announcing-launch-of-guac-v01.html" class="button">Read | ||
the full post on the Google Security Blog</a> | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
--- | ||
title: Announcement for the GUAC v0.1 beta release | ||
authors: ["Tim Miller"] | ||
date: 2023-05-24 | ||
include_footer: true | ||
--- | ||
|
||
Kusari is excited to announce the v0.1 beta release of GUAC — Graph for Understanding Artifact Composition. | ||
This open-source tool, created in partnership with Google and with valuable input from Purdue University and Citi, is set to change the game in software supply chain analysis. | ||
|
||
<a href="https://www.kusari.dev/blog/guac-v0-1-beta-release" class="button">Read | ||
the full post on Kusari</a> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
--- | ||
title: Quest to determine the 'G' in GUAC | ||
authors: ["Parth Patel"] | ||
date: 2023-06-27 | ||
include_footer: true | ||
--- | ||
|
||
As we work to meet the goals of persistence in GUAC, we are running a series of analyses and comparisons among the many different graph database options. | ||
GUAC has a few critically important requirements for the backend, including: efficient ingestion of data, performant complex queries, the schema in which the data is stored, and finally optimization of the query based on the specific language. | ||
|
||
<a href="https://www.kusari.dev/blog/quest-to-determine-the-g-in-guac" class="button">Read | ||
the full post on Kusari</a> | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
--- | ||
title: Terror of cURL - Preparation is half the battle | ||
date: 2023-10-16 | ||
authors: ["Parth Patel", "Brandon Lum", "Mihai Maruseac"] | ||
include_footer: true | ||
--- | ||
|
||
Last week, on October 11th, we finally found out more information on the high-severity CVE that affected numerous versions of cURL. | ||
Everyone was waiting in dreaded anticipation to determine if they were affected or not! | ||
|
||
GUAC allows you to be proactive in responding to threats without waiting for the CVEs to be released, reducing the MTTR significantly! | ||
In our latest combined blog with Brandon Lum and Mihai Maruseac, we discuss this in greater detail and provide insight. | ||
|
||
<a href="https://www.kusari.dev/blog/terror-of-curl/" class="button">Read | ||
the full post on Kusari</a> |
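Review bot: The opening sentence refers to "the high-severity CVE that affected numerous versions of cURL" without giving its identifier; add the CVE ID so readers can match it against their own advisories and scan results. "Last week, on October 11th" will also read oddly once the post ages, so the absolute date alone is enough.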
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
--- | ||
title: Graph for Understanding Artifact Composition (GUAC) Joins OpenSSF as Incubating Project | ||
date: 2024-03-07 | ||
authors: ["GUAC Maintainers"] | ||
include_footer: true | ||
--- | ||
|
||
The GUAC maintainers are pleased to announce the project has joined the Open Source Security Foundation (OpenSSF) as an Incubating Project. | ||
|
||
<a href="http://www.kusari.dev/blog/graph-for-understanding-artifact-composition-guac-joins-openssf-as-incubating-project" class="button">Read | ||
the full post</a> |
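Review bot: The button link in this file points at `http://www.kusari.dev/...`, while every other Kusari link in this commit uses `https://`; switch it to `https://` so the reader's first request is not made over plaintext HTTP.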
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
--- | ||
title: Graph for Understanding Artifact Composition (GUAC) adds persistent storage in v0.6.0 release | ||
date: 2024-05-06 | ||
include_footer: true | ||
authors: ["GUAC Maintainers"] | ||
--- | ||
|
||
The GUAC community maintainers, contributors and collaborators are thrilled to announce – GUAC is persistent! | ||
Following a year-long effort of significant collaboration and development, GUAC has standardized on and fully supports the popular open source database system, PostgreSQL, for its persistent backend storage. | ||
|
||
<a href="https://www.kusari.dev/blog/graph-for-understanding-artifact-composition-guac-adds-persistent-storage-in-v0-6-0-release" class="button">Read the full post</a> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
--- | ||
title: Upcoming OpenSSF and CNCF webinars | ||
authors: ["Ben Cotton"] | ||
date: 2024-05-17 | ||
inclue_footer: true | ||
--- | ||
Join us for two upcoming webinars to learn more about GUAC. | ||
|
||
* [OpenSSF Tech Talk](https://openssf.org/blog/2024/05/16/join-our-upcoming-openssf-tech-talk-proactive-supply-chain-security-with-guac/) — 6 Jun at 1 PM Eastern (1700 UTC) | ||
* [CNCF Live](https://community.cncf.io/events/details/cncf-cncf-online-programs-presents-cloud-native-live-guac-101-dip-into-the-delicious-world-of-software-supply-chain-security/) — 11 Jun at noon Eastern (1600 UTC) | ||
|
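Review bot: `inclue_footer: true` in the front matter is a typo for `include_footer`, the key every other post in this commit uses, so the footer setting will likely be ignored on this page. There is also no blank line between the closing `---` and the first paragraph, unlike the other posts.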
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
--- | ||
title: GUAC maintainer meetings now public | ||
date: 2024-05-29 | ||
layout: post | ||
authors: ["GUAC Maintainers"] | ||
include_footer: true | ||
--- | ||
|
||
In the interests of a transparent open source community, the weekly GUAC Maintainer meetings are now public. | ||
Join us on Mondays at [11 AM Eastern](https://www.google.com/calendar/event?eid=NjBrdDZ0MzVsbTRiNjNqbGhpajVxMXQ0MGJfMjAyNDA2MDNUMTUwMDAwWiBzNjN2b2VmaHA1aTlwZmx0YjVxNjduZ3Blc0Bn&ctz=America/New_York). | ||
The meeting is open to interested community members, but is primarily for maintainer discussion. | ||
For general questions and discussion, join us in [#guac](https://openssf.slack.com/archives/C03U677QD46) on the OpenSSF Slack. |
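Review bot: `layout: post` appears in this file's front matter and in the v0.7.0 release post but in none of the other posts in this commit; either set it on all posts or remove it from these two so they render consistently. The meeting time is given only as "11 AM Eastern", whereas the webinars post also states UTC; adding the UTC time would help readers outside that zone.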
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
--- | ||
title: GUAC v0.7.0 released | ||
layout: post | ||
authors: ["GUAC Maintainers"] | ||
date: 2024-06-04 | ||
include_footer: true | ||
--- | ||
|
||
The GUAC maintainers are happy to announce the [release of GUAC v0.7.0](https://github.com/guacsec/guac/releases/tag/v0.7.0). | ||
This release includes several pagination features in order to improve the performance of large result sets from queries. | ||
Also new in v0.7.0, the collector supports reading from a directory inside an Amazon S3 bucket, in addition to the previously supported single file and whole-bucket reads. | ||
We’ve improved the parsing of CycloneDX files to improve how transitive dependencies are represented. | ||
And building off of the persistent backend added in v0.6.0, the new release adds support for automatic schema migrations. | ||
|
||
As always, we thank the community members who contributed to this release. | ||
We’d love to have *you* join the GUAC community. | ||
See the [Contributor Guide](https://github.com/guacsec/guac/blob/main/CONTRIBUTING.md) for how to get started, and register for an upcoming program below. | ||
|
||
* June 6 | 10am Pacific, 1pm Eastern - [Proactive Supply Chain Security with GUAC](https://zoom.us/webinar/register/6017147595543/WN_jxAYJJieTVel2bdwzd3Aag) | ||
* June 11 | 9am Pacific, 12pm Eastern - [GUAC 101: Dip into the Delicious World of Software Supply Chain Security](https://community.cncf.io/events/details/cncf-cncf-online-programs-presents-cloud-native-live-guac-101-dip-into-the-delicious-world-of-software-supply-chain-security/) | ||
* June 20 | 10am Pacific, 1pm Eastern - [GUAC Community Meeting](https://www.google.com/calendar/event?eid=Nm45cmhpbWc3Y2ZxMGVnZDk5a2M5MTFkbDJfMjAyNDA2MjBUMTcwMDAwWiBzNjN2b2VmaHA1aTlwZmx0YjVxNjduZ3Blc0Bn&ctz=America/New_York) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
--- | ||
title: GUAC Blog | ||
aliases: [/blogs] | ||
--- | ||
|
This file was deleted.