guacsec/guac

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/guacsec/guac)

guacsec / guac

GUAC aggregates software security metadata into a high fidelity graph database.

☆1,450

Alternatives and similar repositories for guac

Users that are interested in guac are comparing it to the libraries listed below

Sorting:

slsa-framework / slsa
View on GitHub
Supply-chain Levels for Software Artifacts
☆1,814Feb 20, 2026Updated last week
in-toto / witness
View on GitHub
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…
☆517Updated this week
protobom / protobom
View on GitHub
A universal SBOM representation in protocol buffers
☆316Feb 18, 2026Updated last week
buildsec / frsca
View on GitHub
☆255Feb 23, 2026Updated last week
in-toto / attestation
View on GitHub
in-toto Attestation Framework
☆326Feb 17, 2026Updated last week
ossf / scorecard
View on GitHub
OpenSSF Scorecard - Security health metrics for Open Source
☆5,283Updated this week
eBay / sbom-scorecard
View on GitHub
Generate a score for your sbom to understand if it will actually be useful.
☆238Aug 13, 2024Updated last year
guacsec / guac-visualizer
View on GitHub
Visualizer for GUAC
☆30Updated this week
kubernetes-sigs / bom
View on GitHub
A utility to generate SPDX-compliant Bill of Materials manifests
☆443Updated this week
chainloop-dev / chainloop
View on GitHub
SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
☆529Updated this week
interlynk-io / sbomqs
View on GitHub
sbomqs: The Comprehensive SBOM Quality & Compliance Tool
☆269Updated this week
in-toto / in-toto
View on GitHub
in-toto is a framework to protect supply chain integrity.
☆976Feb 11, 2026Updated 2 weeks ago
devops-kung-fu / bomber
View on GitHub
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
☆603Feb 10, 2026Updated 2 weeks ago
kusaridev / spector
View on GitHub
Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks
☆33Apr 22, 2025Updated 10 months ago
bomctl / bomctl
View on GitHub
Format agnostic SBOM tooling
☆132Nov 20, 2025Updated 3 months ago
in-toto / archivista
View on GitHub
Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…
☆108Feb 23, 2026Updated last week
openvex / spec
View on GitHub
OpenVEX Specification
☆168Jan 16, 2026Updated last month
anchore / syft
View on GitHub
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
☆8,416Updated this week
mindersec / minder
View on GitHub
Software Supply Chain Security Platform
☆375Updated this week
sigstore / cosign
View on GitHub
Code signing and transparency for containers and binaries
☆5,683Updated this week
sigstore / rekor
View on GitHub
Software Supply Chain Transparency Log
☆1,088Feb 23, 2026Updated last week
awesomeSBOM / awesome-sbom
View on GitHub
A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
☆568May 20, 2025Updated 9 months ago
chainguard-dev / vex
View on GitHub
vexctl is a tool to attest VEX impact statements
☆45Mar 27, 2023Updated 2 years ago
snyk / parlay
View on GitHub
Enrich SBOMs with data from third party services
☆220Feb 11, 2026Updated 2 weeks ago
CycloneDX / specification
View on GitHub
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…
☆485Updated this week
CycloneDX / transparency-exchange-api
View on GitHub
A standard API specification for exchanging supply chain artifacts and intelligence
☆100Feb 20, 2026Updated last week
microsoft / sbom-tool
View on GitHub
The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
☆1,984Feb 20, 2026Updated last week
gittuf / gittuf
View on GitHub
A security layer for Git repositories
☆578Updated this week
ossf / allstar
View on GitHub
GitHub App to set and enforce security policies
☆1,391Feb 23, 2026Updated last week
google / osv-scanner
View on GitHub
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
☆8,480Feb 23, 2026Updated last week
anchore / grype
View on GitHub
A vulnerability scanner for container images and filesystems
☆11,652Updated this week
openvex / vexctl
View on GitHub
A tool to create, transform and attest VEX metadata
☆176Updated this week
DependencyTrack / dependency-track
View on GitHub
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…
☆3,623Updated this week
openclarity / openclarity
View on GitHub
OpenClarity is an open source platform built to enhance security and observability of cloud native applications and infrastructure
☆1,450Updated this week
package-url / purl-spec
View on GitHub
A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
☆980Updated this week
stacklok / sigstore-the-hard-way
View on GitHub
sigstore the hard way!
☆118Aug 6, 2025Updated 6 months ago
in-toto / in-toto-golang
View on GitHub
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
☆145Feb 13, 2026Updated 2 weeks ago
aquasecurity / chain-bench
View on GitHub
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm…
☆769Dec 11, 2024Updated last year
google / osv.dev
View on GitHub
Open source vulnerability DB and triage service.
☆2,501Updated this week