-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #57 from funnelfiasco/v080-release_announcement
Add a blog post announcing the v0.8.0 release
- Loading branch information
Showing
1 changed file
with
35 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
--- | ||
title: GUAC v0.8.0 released | ||
layout: post | ||
authors: ["GUAC Maintainers"] | ||
date: 2024-07-25 | ||
include_footer: true | ||
--- | ||
|
||
[GUAC v0.8.0](https://github.com/guacsec/guac/releases/tag/v0.8.0) is now available. | ||
This release brings support for license information, node deletion, and many other improvements. | ||
You can now run vulnerability scans immediately on SBOM ingestion with the `--add-vuln-on-ingest` flag instead of waiting for the OSV certifier to run. | ||
To better represent the real world, the `isDependency` relationship now only exists on package versions instead of the package name. | ||
For a full list of changes, see the [release page on GitHub](https://github.com/guacsec/guac/releases/tag/v0.8.0). | ||
|
||
### License information support | ||
|
||
GUAC v0.8.0 adds support for parsing license information provided in [CycloneDX SBOMs](https://cyclonedx.org/use-cases/#license-compliance). | ||
The new release also includes a new experimental ClearlyDefined certifier. | ||
GUAC will query the [ClearlyDefined license data store](https://clearlydefined.io/) to discover license information for packages, even when the SBOM does not include that information. | ||
|
||
Although licenses don't directly impact security, they are an important part of understanding your software supply chain. | ||
We're excited to expand GUAC's capabilities in this area. | ||
|
||
### Node deletion | ||
|
||
GUAC v0.8.0 adds support for deleting the following evidence nodes: `certifyVuln`, `hasSBOM`, and `hasSLSA`. | ||
This is helpful when SBOMs were ingested by accident or as part of a short-term demo. | ||
`Delete` is supported in both the key value and the ENT backends. | ||
If there are other nodes that you have a use case for deleting, please [file an issue](https://github.com/guacsec/guac/issues/new?assignees=&labels=enhancement&projects=&template=feature_request.md&title=%5Bfeature%5D+FILL+THIS+IN) to let us know. | ||
|
||
### Join the community | ||
|
||
Thanks to the 10 contributors who made this release possible, including new contributor [Collin Berman](https://github.com/cberman). | ||
We'd love to have your contribution. | ||
If you have uses cases GUAC should support, or want to contribute to our code or documentation, [join us](/community)! |