|
| 1 | +--- |
| 2 | +title: GUAC v1.0 released |
| 3 | +layout: post |
| 4 | +authors: |
| 5 | + - GUAC Maintainers |
| 6 | +date: 2025-06-12 |
| 7 | +tags: |
| 8 | + - releases |
| 9 | +--- |
| 10 | + |
| 11 | +Big news in supply chain security: |
| 12 | +GUAC [v1.0](https://github.com/guacsec/guac/releases/tag/v1.0.0) is now available! |
| 13 | +Started by Kusari, Google, and Purdue University, GUAC has contributions from over 400 people representing more than 90 organizations including Microsoft and Red Hat. |
| 14 | +GUAC v1.0 brings several bug fixes since the v0.14.0 release, but is primarily a marker of what's considered stable. |
| 15 | + |
| 16 | +## What's stable |
| 17 | + |
| 18 | +Users can rely on the behavior of the elements listed blow not changing in an incompatible way. |
| 19 | +Future releases in the version 1 series may add support for new features so long as those changes don’t break existing stable workflows. |
| 20 | +Compatibility-breaking changes to stable elements will go into a future release series (e.g. version 2). |
| 21 | + |
| 22 | +* GraphQL API |
| 23 | +* Parsers for CSAF, OpenVEX, CycloneDX, DSSE, Intoto ITE6, SPDX, and OpenSSF Scorecard |
| 24 | +* Ingestion using Azure Blog Storage, Google Cloud Storage, Amazon S3, Memblob,and regular file system blobs |
| 25 | +* Ingestion-time enrichment from OSV, ClearlyDefined, and Deps.Dev |
| 26 | +* Certifiers for OSV and ClearlyDefined |
| 27 | +* The filesystem collector |
| 28 | +* Ent of Postgresql for persistent storage |
| 29 | + |
| 30 | +Other features remain available in GUAC, such as the OCI collector and end-of-life certifier, but they are considered experimental. |
| 31 | +Experimental features are subject to compatibility-breaking changes within the version 1 release series. |
| 32 | + |
| 33 | +## Who GUAC 1.0 is for |
| 34 | + |
| 35 | +GUAC v1.0 is for developers and platform engineering teams who: |
| 36 | + |
| 37 | +* Have tens to thousands of SBOMs |
| 38 | +* Need an extensible, powerful storage and enrichment tool for building a software supply chain solution |
| 39 | +* Are comfortable self-hosting infrastructure |
| 40 | +* Are comfortable writing queries against GraphQL APIs |
| 41 | + |
| 42 | +## Join us |
| 43 | + |
| 44 | +GUAC v1.0 is only the beginning! |
| 45 | +If you're interesting in [joining our community]({{< relref "../community.md" >}}) or [contributing]({{< relref "../contributing.md" >}}), we'd love to have you run GUAC, explore the ontology, and give us feedback on the problems GUAC solves (and doesn’t solve) for you. |
0 commit comments