Merge pull request #39 from funnelfiasco/issue35-blog_multifile

Split the blog from a single file to multiple

README.md

@@ -16,8 +16,42 @@ The repository requires a [Developer Certificate of Origin](https://developercer
 We do not have a style guide yet.
 Perhaps someday.
 
+### Adding a blog post
+
+Blog posts come from files in content/blog.
+Use a filename of the format `YYYY-MM-DD-WORDS_GO_HERE.md`.
+The date encoded in the file name doesn't matter for publication, but it makes sorting in the repo easier.
+
+The file must begin with a header that contains some pertinent information:
+
+* `title`: The title of the post.
+* `date`: The date (in `YYYY-MM-DD` format.
+Other formats *might* work, but why take chances?)
+This is the date used by Hugo to sort the posts.
+*If you use a date in the future, it will not be listed on the blog page.*
+* `authors` (optional): An array of names to list as the author.
+If you only have one author, it still needs to be quoted and in square brackets.
+* `include_footer`: Something we shouldn't have to add, but do for now.
+
+A complete header looks something like:
+
+```
+---
+title: This is a great blog post
+date: 2023-04-13
+authors: ["Ben Cotton", "Jane Doe", "Blogger McBlogface"]
+include_footer: true
+---
+```
+
+Below the header, write the content.
+For ease of writing, use Markdown by default.
+You may use HTML when needed.
+
 ## Layout
 
 * config.yml — Site configuration and main page content
-* content/blogs.md — Blog posts
+* content/blog/* — Blog posts
 * content/* — Other pages
+
+

content/blog/2022-10-20-announcing_guac-google.md

@@ -0,0 +1,15 @@
+---
+title: Announcing GUAC, a great pairing with SLSA (and SBOM)!
+date: 2022-10-20
+authors: ["Brandon Lum", "Mihai Maruseac", "Isaac Hepworth"]
+include_footer: true
+---
+
+Supply chain security is at the fore of the industry’s collective consciousness.
+We’ve recently seen a significant rise in software supply chain attacks, a Log4j
+vulnerability of catastrophic severity and breadth, and even an Executive Order
+on Cybersecurity.
+
+<a href="https://security.googleblog.com/2022/10/announcing-guac-great-pairing-with-slsa.html" class="button">Read
+the full post on the Google Security Blog</a>
+

content/blog/2022-10-20-announcing_guac-kusari.md

@@ -0,0 +1,14 @@
+---
+title: A high fidelity view of software supply chain
+date: 2022-10-20
+include_footer: true
+---
+
+Understanding and maintaining your software supply chain can be a task that needs 24/7 vigilance.
+The recent report from Sonatype: State of the Software Supply Chain has shown that supply chain attacks are on the rise (742% average annual increase in the past 3 years).
+Along with the fact that 6 out of the 7 project vulnerabilities come from transitive dependencies, the industry is in desperate need of having a clear, holistic understanding of the software supply
+chain.
+
+<!-- Blog post no longer exists
+<a href="https://www.kusari.dev/blog/announcement_guac/" class="button">Read the full post on Kusari</a>
+-->

content/blog/2023-05-24-guac-v0.1-google.md

@@ -0,0 +1,15 @@
+---
+title: Announcing the launch of GUAC v0.1
+authors: ["Brandon Lum", "Mihai Maruseac"]
+date: 2023-05-24
+include_footer: true
+---
+
+Today, we are announcing the launch of the v0.1 version of Graph for Understanding Artifact Composition (GUAC).
+Introduced at Kubecon 2022 in October, GUAC targets a critical need in the software industry to understand the software supply chain.
+In collaboration with Kusari, Purdue University, Citi, and community members, we have incorporated feedback from our early testers to improve GUAC and make it more useful for security professionals.
+This improved version is now available as an API for you to start developing on top of, and integrating into, your systems.
+
+<a href="https://security.googleblog.com/2023/05/announcing-launch-of-guac-v01.html" class="button">Read
+the full post on the Google Security Blog</a>
+

content/blog/2023-05-24-guac-v0.1-kusari.md

@@ -0,0 +1,12 @@
+---
+title: Announcement for the GUAC v0.1 beta release
+authors: ["Tim Miller"]
+date: 2023-05-24
+include_footer: true
+---
+
+Kusari is excited to announce the v0.1 beta release of GUAC — Graph for Understanding Artifact Composition.
+This open-source tool, created in partnership with Google and with valuable input from Purdue University and Citi, is set to change the game in software supply chain analysis.
+
+<a href="https://www.kusari.dev/blog/guac-v0-1-beta-release" class="button">Read
+the full post on Kusari</a>

content/blog/2023-06-27-g_in_guac.md

@@ -0,0 +1,13 @@
+---
+title: Quest to determine the 'G' in GUAC
+authors: ["Parth Patel"]
+date: 2023-06-27
+include_footer: true
+---
+
+As we work to meet the goals of persistence in GUAC, we are running a series of analyses and comparisons among the many different graph database options.
+GUAC has a few critically important requirements for the backend, including: efficient ingestion of data, performant complex queries, the schema in which the data is stored, and finally optimization of the query based on the specific language.
+
+<a href="https://www.kusari.dev/blog/quest-to-determine-the-g-in-guac" class="button">Read
+the full post on Kusari</a>
+

content/blog/2023-10-16-terror_curl.md

@@ -0,0 +1,15 @@
+---
+title: Terror of cURL - Preparation is half the battle
+date: 2023-10-16
+authors: ["Parth Patel", "Brandon Lum", "Mihai Maruseac"]
+include_footer: true
+---
+
+Last week, on October 11th, we finally found out more information on the high-severity CVE that affected numerous versions of cURL.
+Everyone was waiting in dreaded anticipation to determine if they were affected or not!
+
+GUAC allows you to be proactive in responding to threats without waiting for the CVEs to be released, reducing the MTTR significantly!
+In our latest combined blog with Brandon Lum and Mihai Maruseac, we discuss this in greater detail and provide insight.
+
+<a href="https://www.kusari.dev/blog/terror-of-curl/" class="button">Read
+the full post on Kusari</a>

content/blog/2024-03-07-joining_openssf.md

@@ -0,0 +1,11 @@
+---
+title: Graph for Understanding Artifact Composition (GUAC) Joins OpenSSF as Incubating Project
+date: 2024-03-07
+authors: ["GUAC Maintainers"]
+include_footer: true
+---
+
+The GUAC maintainers are pleased to announce the project has joined the Open Source Security Foundation (OpenSSF) as an Incubating Project.
+
+<a href="http://www.kusari.dev/blog/graph-for-understanding-artifact-composition-guac-joins-openssf-as-incubating-project" class="button">Read
+the full post</a>

content/blog/2024-05-06-guac-v0.6.0.md

@@ -0,0 +1,11 @@
+---
+title: Graph for Understanding Artifact Composition (GUAC) adds persistent storage in v0.6.0 release
+date: 2024-05-06
+include_footer: true
+authors: ["GUAC Maintainers"]
+---
+
+The GUAC community maintainers, contributors and collaborators are thrilled to announce – GUAC is persistent!
+Following a year-long effort of significant collaboration and development, GUAC has standardized on and fully supports the popular open source database system, PostgreSQL, for its persistent backend storage.
+
+<a href="https://www.kusari.dev/blog/graph-for-understanding-artifact-composition-guac-adds-persistent-storage-in-v0-6-0-release" class="button">Read the full post</a>

content/blog/2024-05-17-upcoming_webinars.md

@@ -0,0 +1,11 @@
+---
+title: Upcoming OpenSSF and CNCF webinars
+authors: ["Ben Cotton"]
+date: 2024-05-17
+inclue_footer: true
+---
+Join us for two upcoming webinars to learn more about GUAC.
+
+* [OpenSSF Tech Talk](https://openssf.org/blog/2024/05/16/join-our-upcoming-openssf-tech-talk-proactive-supply-chain-security-with-guac/) — 6 Jun at 1 PM Eastern (1700 UTC)
+* [CNCF Live](https://community.cncf.io/events/details/cncf-cncf-online-programs-presents-cloud-native-live-guac-101-dip-into-the-delicious-world-of-software-supply-chain-security/) — 11 Jun at noon Eastern (1600 UTC)
+

content/blog/2024-05-29-maintainer_meetings.md

@@ -0,0 +1,12 @@
+---
+title: GUAC maintainer meetings now public
+date: 2024-05-29
+layout: post
+authors: ["GUAC Maintainers"]
+include_footer: true
+---
+
+In the interests of a transparent open source community, the weekly GUAC Maintainer meetings are now public.
+Join us on Mondays at [11 AM Eastern](https://www.google.com/calendar/event?eid=NjBrdDZ0MzVsbTRiNjNqbGhpajVxMXQ0MGJfMjAyNDA2MDNUMTUwMDAwWiBzNjN2b2VmaHA1aTlwZmx0YjVxNjduZ3Blc0Bn&ctz=America/New_York).
+The meeting is open to interested community members, but is primarily for maintainer discussion.
+For general questions and discussion, join us in [#guac](https://openssf.slack.com/archives/C03U677QD46) on the OpenSSF Slack.

content/blog/2024-06-04-guac-v0.7.0.md

@@ -0,0 +1,21 @@
+---
+title: GUAC v0.7.0 released
+layout: post
+authors: ["GUAC Maintainers"]
+date: 2024-06-04
+include_footer: true
+---
+
+The GUAC maintainers are happy to announce the [release of GUAC v0.7.0](https://github.com/guacsec/guac/releases/tag/v0.7.0).
+This release includes several pagination features in order to improve the performance of large result sets from queries.
+Also new in v0.7.0, the collector supports reading from a directory inside an Amazon S3 bucket, in addition to the previously supported single file and whole-bucket reads.
+We’ve improved the parsing of CycloneDX files to improve how transitive dependencies are represented.
+And building off of the persistent backend added in v0.6.0, the new release adds support for automatic schema migrations.
+
+As always, we thank the community members who contributed to this release.
+We’d love to have *you* join the GUAC community.
+See the [Contributor Guide](https://github.com/guacsec/guac/blob/main/CONTRIBUTING.md) for how to get started, and register for an upcoming program below.
+
+* June 6 | 10am Pacific, 1pm Eastern - [Proactive Supply Chain Security with GUAC](https://zoom.us/webinar/register/6017147595543/WN_jxAYJJieTVel2bdwzd3Aag)
+* June 11 | 9am Pacific, 12pm Eastern - [GUAC 101: Dip into the Delicious World of Software Supply Chain Security](https://community.cncf.io/events/details/cncf-cncf-online-programs-presents-cloud-native-live-guac-101-dip-into-the-delicious-world-of-software-supply-chain-security/)
+* June 20 | 10am Pacific, 1pm Eastern - [GUAC Community Meeting](https://www.google.com/calendar/event?eid=Nm45cmhpbWc3Y2ZxMGVnZDk5a2M5MTFkbDJfMjAyNDA2MjBUMTcwMDAwWiBzNjN2b2VmaHA1aTlwZmx0YjVxNjduZ3Blc0Bn&ctz=America/New_York)

content/blog/_index.md

@@ -0,0 +1,5 @@
+---
+title: GUAC Blog
+aliases: [/blogs]
+---
+

themes/hugo-fresh/assets/fresh/core.scss

@@ -17,4 +17,4 @@ Main SCSS file / Fresh
 @import 'partials/testimonials';
 @import 'partials/responsive';
 @import 'partials/utils';
-
+@import 'partials/posts';