Introducing Guac integration

Last week, we introduced our plugin system, which provides an easy way to extend Chainloop through integrations. Today, by popular demand, we are thrilled to announce the integration of Chainloop with Guac!

Graph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high fidelity graph database—normalizing entity identities and mapping standard relationships between them. Querying this graph can drive higher-level organizational outcomes such as audit, policy, risk management, and even developer assistance - guac.sh

Chainloop is a single integration point: a pluggable metadata conduit that plugs into your existing CI/CD systems and routes your Software Supply Chain (SSC) metadata to your vendor of choice.

Now, Chainloop users can automatically send signed in-toto attestations, as well as CycloneDX and SPDX Software Bill Of Materials (SBOMs), to a storage bucket. GUAC can then be configured to continuously monitor that bucket, ingest the data into a graph for data visualization, and perform queries.

We are very excited about the addition of the Guac project to our family of integrations. Guac not only provides complementary capabilities to Chainloop users but also aligns with our vision of supporting any data source, any metadata format, and any destination.

See the integration in action in the following video, give it a try by following our how-to guide, or send feedback our way.

Useful resources