Skip to main content

GUAC adopts license metadata from ClearlyDefined

· One min read
Nick Vidal
Community Manager at Open Source Initiative

The software supply chain just gained some transparency thanks to an integration of the Open Source Initiative (OSI) project, ClearlyDefined, into GUAC (Graph for Understanding Artifact Composition), an OpenSSF project from the Linux Foundation. GUAC provides a comprehensive mapping of software packages, dependencies, vulnerabilities, attestations, and more, allowing organizations to achieve better compliance and security of their software supply chain.

Read more: https://opensource.org/blog/guac-adopts-license-metadata-from-clearlydefined