GUAC — Graph for Understanding Artifact Composition — reached v1.0 on June 12, 2025, marking the project's transition from experimental research code to a stable OpenSSF Incubating project that downstream consumers can build on. The release is a milestone for the software supply chain security community because GUAC plays a specific architectural role that no other widely-deployed open source tool occupies. Rather than producing attestations (Sigstore's job) or scoring repositories (Scorecard's job), GUAC ingests heterogeneous supply chain documents — SBOMs in CycloneDX and SPDX, VEX documents in OpenVEX and CSAF, in-toto attestations in DSSE envelopes, Scorecard outputs — normalizes the entities they describe, and exposes the resulting knowledge graph via a stable GraphQL API. v1.0 is the version that promises that API will not break.
What was the road to v1.0?
GUAC began inside Kusari, Google, Purdue University, and Citi as a research project in 2022, with v0.1 in early 2023 and a series of v0.x releases through 2024 that progressively expanded parser coverage and database backend support. The v0.14.0 release in late 2024 was the de facto last pre-stable version. The June 2025 announcement framed v1.0 not as a feature-heavy release — it shipped primarily bug fixes from v0.14.0 — but as a stability commitment. Specifically, the project committed that the listed v1.0 elements — the GraphQL schema, the certifier and ingestor plugin contracts, the supported document parsers — will not change in incompatible ways within the 1.x series.
What documents does GUAC ingest as of v1.0?
The v1.0 parser set covers the major supply chain document formats in active use:
| Format | Purpose | GUAC v1.0 Support |
| --- | --- | --- |
| CycloneDX | SBOM | Stable, 1.4 / 1.5 / 1.6 |
| SPDX | SBOM | Stable, 2.2 / 2.3 |
| OpenVEX | Vulnerability exploitability exchange | Stable |
| CSAF | OASIS vulnerability advisory | Stable, 2.0 |
| in-toto ITE-6 | Attestation predicates | Stable |
| DSSE | Signed envelope | Stable |
| OpenSSF Scorecard | Security health | Stable |
| SLSA Provenance v1 | Build attestation | Stable |
CycloneDX 1.7 and SPDX 3.0.1 parser support landed in subsequent point releases through autumn 2025; check the changelog for the version pinned in your deployment.
What does the GraphQL surface look like?
GUAC's central design idea is that everything ingested becomes a node or edge in a heterogeneous graph: packages, source repositories, builders, vulnerabilities, scorecards, attestations, certifications. The GraphQL schema makes those nodes queryable in a way that lets operators answer questions a single SBOM cannot. A representative query:
```graphql
query criticalDependents {
  Package(pkgSpec: { type: "npm", name: "left-pad" }) {
    namespaces {
      names {
        versions {
          isDependencyOf {
            package { type name version }
            dependencyType
          }
          certifyVuln {
            vulnerability { vulnerabilityIDs }
          }
        }
      }
    }
  }
}
```
This returns every package that depends on left-pad together with any known vulnerabilities affecting those dependents — a query that requires correlating multiple SBOMs and a vulnerability feed, and that GUAC executes in a single graph traversal.
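As an added example (not code from the GUAC project or from this article), the Go program below posts that query to a GraphQL endpoint and folds the reply into a per-vulnerability blast radius: for every vulnerability ID certified on a left-pad version, the dependents that pull that version in. The JSON shape is assumed to mirror the query's selection set, the constructed sample reply stands in for a live server, and `/query` is the path GUAC's GraphQL server serves by default.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"sort"
)

// criticalDependentsQuery is the article's query, sent verbatim.
const criticalDependentsQuery = `query criticalDependents {
  Package(pkgSpec: { type: "npm", name: "left-pad" }) {
    namespaces { names { versions {
      isDependencyOf { package { type name version } dependencyType }
      certifyVuln { vulnerability { vulnerabilityIDs } } } } }
  }
}`

// sampleResponse is a constructed reply shaped like the query's selection set;
// the package names and the vulnerability ID are placeholders, not real data.
const sampleResponse = `{"data":{"Package":[{"namespaces":[{"names":[{"versions":[
 {"isDependencyOf":[{"package":{"type":"npm","name":"web-frontend","version":"2.1.0"},"dependencyType":"DIRECT"},
                    {"package":{"type":"npm","name":"report-service","version":"0.9.3"},"dependencyType":"INDIRECT"}],
  "certifyVuln":[{"vulnerability":{"vulnerabilityIDs":["EXAMPLE-VULN-0001"]}}]},
 {"isDependencyOf":[{"package":{"type":"npm","name":"legacy-tool","version":"1.0.0"},"dependencyType":"DIRECT"}],
  "certifyVuln":[]}]}]}]}]}}`

// Decoded shape of the reply, mirroring the query (an assumption about GUAC's JSON);
// encoding/json matches keys case-insensitively, so no struct tags are needed.
type version struct {
	IsDependencyOf []struct {
		Package        struct{ Type, Name, Version string }
		DependencyType string
	}
	CertifyVuln []struct{ Vulnerability struct{ VulnerabilityIDs []string } }
}
type graphqlResponse struct {
	Data struct {
		Package []struct {
			Namespaces []struct{ Names []struct{ Versions []version } }
		}
	}
	Errors []struct{ Message string }
}

// blastRadius maps each vulnerability ID certified on a left-pad version to the
// sorted dependents ("type:name@version") that pull that version in. A vulnerable
// version nobody depends on produces no entry.
func blastRadius(body []byte) (map[string][]string, error) {
	var resp graphqlResponse
	if err := json.Unmarshal(body, &resp); err != nil {
		return nil, fmt.Errorf("decode: %w", err)
	}
	if len(resp.Errors) > 0 {
		return nil, fmt.Errorf("graphql: %s", resp.Errors[0].Message)
	}
	out := map[string][]string{}
	for _, p := range resp.Data.Package {
		for _, ns := range p.Namespaces {
			for _, n := range ns.Names {
				for _, v := range n.Versions {
					for _, cv := range v.CertifyVuln {
						for _, id := range cv.Vulnerability.VulnerabilityIDs {
							for _, d := range v.IsDependencyOf {
								out[id] = append(out[id], d.Package.Type+":"+d.Package.Name+"@"+d.Package.Version)
							}
						}
					}
				}
			}
		}
	}
	for id := range out {
		sort.Strings(out[id])
	}
	return out, nil
}

// queryGUAC posts a GraphQL document as {"query": ...} and returns the raw reply.
func queryGUAC(endpoint, query string) ([]byte, error) {
	payload, _ := json.Marshal(map[string]string{"query": query})
	resp, err := http.Post(endpoint, "application/json", bytes.NewReader(payload))
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("unexpected status %s", resp.Status)
	}
	return io.ReadAll(resp.Body)
}

func main() {
	// Replace sampleResponse with queryGUAC("http://localhost:8080/query", criticalDependentsQuery)
	// to run against a live GUAC GraphQL server.
	findings, err := blastRadius([]byte(sampleResponse))
	if err != nil {
		panic(err)
	}
	for id, deps := range findings {
		fmt.Printf("%s affects %d dependents: %v\n", id, len(deps), deps)
	}
}
```

The dependents are keyed by vulnerability rather than the other way round because that is the question an incident responder asks first: given this advisory, which of our deployable packages are in scope.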
What are certifiers and how do they extend GUAC?
GUAC v1.0 formalizes a plugin contract called a "certifier" — a component that examines existing graph nodes and emits new edges of certification (vulnerability, license, scorecard, EOL status). The shipped certifiers include OSV (vulnerabilities), ClearlyDefined (license), Scorecard, and a basic deps.dev lookup. The contract is documented and stable in v1.0, so external teams can ship certifiers that emit custom edges — for instance an internal "approved supplier" certifier that flags every package sourced from a vetted internal mirror. Certifier outputs are themselves stored as nodes so the provenance of each certification is auditable.
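As an added example (not GUAC's code), here is the "approved supplier" certifier the paragraph describes, written in Go against a simplified stand-in for the plugin contract. The `Certifier` interface, the `Certification` record and the mirror hostname are assumptions for illustration; the vetting rule itself keys off the package URL's `repository_url` qualifier, which is how purls record where an artifact was fetched from, and every emitted edge carries the certifier's name so its provenance can be audited later.

```go
package main

import (
	"context"
	"fmt"
	"net/url"
	"strings"
)

// Certification is the edge a certifier emits; naming the certifier makes it auditable.
type Certification struct {
	Subject   string // package URL of the graph node examined
	Predicate string // what kind of claim this is
	Approved  bool
	Reason    string
	Certifier string
}

// Certifier is a simplified stand-in for GUAC's certifier plugin contract (an
// assumption: the real interface takes typed graph components and emits documents).
type Certifier interface {
	CertifyComponent(ctx context.Context, purl string, out chan<- Certification) error
}

// approvedSupplier approves a package only when its purl names a vetted internal mirror.
type approvedSupplier struct {
	mirrors map[string]bool // normalized vetted mirror URLs
}

func newApprovedSupplier(vetted []string) *approvedSupplier {
	s := &approvedSupplier{mirrors: map[string]bool{}}
	for _, m := range vetted {
		s.mirrors[normalize(m)] = true
	}
	return s
}

// normalize makes mirror URLs comparable: lowercase, no trailing slash.
func normalize(u string) string { return strings.TrimSuffix(strings.ToLower(u), "/") }

// originOf returns the repository_url qualifier of a package URL. A purl is URI-shaped
// (pkg:type/namespace/name@version?qualifiers#subpath), so net/url splits the
// qualifiers off and Query() percent-decodes their values.
func originOf(purl string) (string, error) {
	u, err := url.Parse(purl)
	if err != nil || u.Scheme != "pkg" {
		return "", fmt.Errorf("not a package URL: %q", purl)
	}
	return u.Query().Get("repository_url"), nil
}

func (s *approvedSupplier) CertifyComponent(ctx context.Context, purl string, out chan<- Certification) error {
	cert := Certification{Subject: purl, Predicate: "approved-supplier", Certifier: "approved-supplier-example/0.1"}
	origin, err := originOf(purl)
	switch {
	case err != nil:
		return err
	case origin == "":
		cert.Reason = "no repository_url qualifier; origin unknown"
	case s.mirrors[normalize(origin)]:
		cert.Approved, cert.Reason = true, "sourced from vetted mirror "+origin
	default:
		cert.Reason = "repository_url " + origin + " is not a vetted mirror"
	}
	select { // honour cancellation rather than blocking forever on a full channel
	case out <- cert:
		return nil
	case <-ctx.Done():
		return ctx.Err()
	}
}

// certifyAll drives a certifier over a batch of components and collects the emitted
// certifications, as an ingestion loop would before writing them to the graph.
func certifyAll(ctx context.Context, c Certifier, purls []string) ([]Certification, error) {
	out := make(chan Certification, len(purls)) // buffered: one emission per component
	for _, p := range purls {
		if err := c.CertifyComponent(ctx, p, out); err != nil {
			return nil, err
		}
	}
	close(out)
	certs := make([]Certification, 0, len(purls))
	for cert := range out {
		certs = append(certs, cert)
	}
	return certs, nil
}

func main() {
	// Constructed inputs; the mirror hostname is a placeholder.
	c := newApprovedSupplier([]string{"https://npm.mirror.internal.example/"})
	certs, err := certifyAll(context.Background(), c, []string{
		"pkg:npm/left-pad@1.3.0?repository_url=https%3A%2F%2Fnpm.mirror.internal.example",
		"pkg:npm/left-pad@1.3.0?repository_url=https://registry.npmjs.org",
		"pkg:npm/left-pad@1.3.0",
	})
	if err != nil {
		panic(err)
	}
	for _, cert := range certs {
		fmt.Printf("%+v\n", cert)
	}
}
```

A package with no recorded origin is deliberately not approved rather than skipped: an absent edge and a negative edge mean different things to a downstream policy, and the reason string records which case applied.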
What database backends does v1.0 support?
The v1.0 release supports three storage backends with different operational profiles. The in-memory backend is for development and small graphs. The ArangoDB backend has been the historical performance leader for graph-heavy workloads and is the recommended production choice for large customers. The Ent-based backend supports PostgreSQL and is the right choice when operators want a SQL-shaped data store and are willing to accept the join overhead for graph traversals. GUAC's choice not to standardize on a single backend reflects the reality that different ingestion volumes — 10k vs. 10M components — have different operational sweet spots.
How do I deploy GUAC v1.0 in production?
The recommended deployment is the official Helm chart, which provisions the ingestion API, the GraphQL server, a chosen backend, and a set of cron-driven certifier jobs. A minimal production deployment looks like this:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: guac-config
data:
  guac.yaml: |
    backend: arango
    arango:
      addr: "http://arangodb:8529"
      user: guac
    ingest:
      collector:
        files: /var/lib/guac/inbox
        polling_interval: 60s
    certifiers:
      - name: osv
        schedule: "0 */6 * * *"
      - name: scorecard
        schedule: "0 0 * * *"
```
Customers running CI pipelines that produce SBOMs and attestations point those artifacts at the inbox collector either by writing files or by posting to the ingestion API; GUAC handles parsing and graph linking from there.
How Safeguard Helps
Safeguard's ingestion pipeline supports GUAC v1.0 as a peer system. Customers who already run GUAC internally can forward their normalized graph into Safeguard's tenant via the federation connector, avoiding duplicate ingest of the same SBOMs and attestations. For customers who do not run GUAC, Safeguard's internal graph implements the same query semantics — package-dependency-vulnerability-attestation traversals are first-class — and exposes them through Griffin AI's natural-language interface rather than raw GraphQL. The two products complement each other: GUAC is the open standard reference implementation, Safeguard is the managed multi-tenant offering with policy gates, AI query, and procurement workflows on top. Customers can pick either and migrate in either direction without losing their attestation history.