GUAC adopts license metadata from ClearlyDefined
ยท One min read
The software supply chain just gained some transparency thanks to an integration of the Open Source Initiative (OSI) project, ClearlyDefined, into GUAC (Graph for Understanding Artifact Composition), an OpenSSF project from the Linux Foundation. GUAC provides a comprehensive mapping of software packages, dependencies, vulnerabilities, attestations, and more, allowing organizations to achieve better compliance and security of their software supply chain.
Read more: https://opensource.org/blog/guac-adopts-license-metadata-from-clearlydefined