forked from guacsec/guac-landing
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathconfig.yaml
275 lines (254 loc) · 10.8 KB
/
config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
baseURL: /
languageCode: en-us
publishDir: public/
canonifyURLs: true
title: guac
theme: hugo-fresh
googleAnalytics: G-VVPLWNX4L9
outputs:
home:
- html
section:
- html
- rss
# Disables warnings
disableKinds:
- taxonomy
- taxonomyTerm
services:
rss:
limit: 10
markup:
goldmark:
renderer:
unsafe: true # Allows you to write raw html in your md files
params:
include_footer: true
# Open graph allows easy social sharing. If you don't want it you can set it to false or just delete the variable
openGraph: true
# Used as meta data; describe your site to make Google Bots happy
description:
navbarlogo:
# Logo (from static/images/logos/___)
image: logos/guac-logo-squareish.png
link: /
text: GUAC
font:
name: "Open Sans"
sizes: [400,600]
hero:
# Main hero title
title: Know your software supply chain
# Hero subtitle (optional)
subtitle: GUAC gives you directed, actionable insights into the security of your software supply chain.
# Button text
button1text: Find out more
button1link: "/why-guac"
button2text: Try it out
button2link: "https://docs.guac.sh/getting-started/"
button3text: Now an OpenSSF incubating project!
button3link: "https://openssf.org/blog/2024/03/07/guac-joins-openssf-as-incubating-project/"
# Hero image (from static/images/___)
#image: illustrations/worker.svg
image: logos/guac-logo.png
# Footer logos (from static/images/logos/clients/___.svg)
# clientlogos:
# - systek
# - tribe
# - kromo
# - infinite
# - gutwork
# Customizable navbar. For a dropdown, add a "sublinks" list.
navbar:
- title: Why GUAC?
url: /why-guac
- title: Community
url: /community
- title: Blogs
url: /blogs
- title: Demos
url: https://docs.guac.sh/guac-use-cases/
- title: Docs
url: https://docs.guac.sh/
- title: Github
url: https://github.com/guacsec/guac
button: true
# - title: Dropdown
# sublinks:
# - title: Dropdown item
# url: /
# - title: Dropdown item
# url: /
# - title: Dropdown item
# url: /
# - title: Log in
# url: /
# - title: Sign up
# url: /
# button: true
#sidebar:
# # Logo (from /images/logos/___.svg)
# logo: fresh-square
# sections:
# - title: User
# icon: user
# links:
# - text: Profile
# url: /
# - text: Account
# url: /
# - text: Settings
# url: /
# - title: Messages
# icon: envelope
# links:
# - text: Inbox
# url: /
# - text: Compose
# url: /
# - title: Images
# icon: image
# links:
# - text: Library
# url: /
# - text: Upload
# url: /
# - title: Settings
# icon: cog
# links:
# - text: User settings
# url: /
# - text: App settings
# url: /
section1:
title: How GUAC can help you
subtitle: These are just a few examples of insights that GUAC can give you to improve your software security posture
tiles:
- title: Unveils gaps
icon: binoculars
texts:
- text: Find the most used critical components in a software supply chain ecosystem
- text: Track if all binaries in production trace back to a securely managed repository
- text: Prevent supply chain compromises before they happen
- text: Find exposures to risky dependencies
url: https://github.com/guacsec/guac
buttonText: Find GUAC
- title: Compliance
icon: check
texts:
- text: Determine ownership of applications by organization
- text: Look for evidence that the application you're about to deploy meets your organization's policies
- text: Determine which application is missing SBOM or SLSA attestations
- text: Conduct SBOM Diffs to quickly determine changes between versions
url: https://github.com/guacsec/guac
buttonText: Get GUAC
- title: Threat Detection
icon: skull-crossbones
texts:
- text: Determine the blast radius of a bad package or a vulnerability and provide information and a patch plan towards remediation
- text: Track a suspicious project lifecycle event back to when it was introduced
- text: Obtain greater insight into vendor software vulnerabilities via VEX and project deprecation
url: https://github.com/guacsec/guac
buttonText: Eat GUAC
# section2:
# title: What does GUAC do?
# subtitle: ""
# features:
# - title: Establishes connections between your software catalog
# icon: illustrations/undraw/undraw_share_link_re_54rx.svg
# - title: Unveils gaps in the software supply chain data using other data sources
# icon: illustrations/undraw/undraw_personal_data_re_ihde.svg
# - title: Identifies threats in your supply chain and provides a path to remediation
# icon: illustrations/undraw/undraw_software_engineer_re_tnjc.svg
sectionCollab:
title: In Open Source collaboration with
others:
- text: and other open source contributors...
link: https://github.com/guacsec/guac/graphs/contributors
orgsBig:
- name: Google
logo: google.png
# <!-- logos at images/logos/ -->
link: https://google.com/
- name: Kusari
logo: kusari.svg
link: https://kusari.dev
orgs:
- name: Purdue University
link: https://www.purdue.edu/
logo: purdue.png
- name: Citi
link: https://www.citi.com/
logo: citi.png
- name: and many open source contributors...
link: https://github.com/guacsec/guac/contributors
sectionGithub:
title: What's next?
subtitle: Learn more about GUAC
button1Text: Github
button1Link: https://github.com/guacsec/guac
button2Text: Demos
button2Link: https://docs.guac.sh/guac-use-cases/
sectionVision:
title: Our Vision
subtitle: GUAC (Graph for Understanding Artifact Composition) aims to fill in the gaps by ingesting software metadata, like SBOMs, and mapping out relationships between software. When you know how one piece of software affects another, you’ll be able to fully understand your software security position and act as needed.
image: illustrations/undraw/undraw_image_viewer_re_7ejc.svg
sectionOpenssf:
title: GUAC is now an OpenSSF Incubating Project!
image: logos/OpenSSF-GUAC.png
subtitle: The Graph for Understanding Artifact Composition (GUAC) maintainers are pleased to announce the project has joined the Open Source Security Foundation (OpenSSF) as an Incubating Project in the Supply Chain Integrity Working Group.
buttonText: Learn More
buttonLink: "https://openssf.org/blog/2024/03/07/guac-joins-openssf-as-incubating-project/"
sectionUniid:
title: Try the GUAC Beta today!
subtitle: Get started with GUAC today by taking a look at our GUAC Beta demos and tutorials!
buttonText: Check out our demos
buttonLink: "https://docs.guac.sh/guac-use-cases/"
section4:
title: What people are saying about GUAC!
subtitle: Hear what our community and partners have to say about GUAC!
clients:
- name: Dejan Bosanac
quote: With the growing number of software supply chain security (SSCS) data, tools that allow us to find relevant information are crucial. Guac, providing graph representation of software packages, dependencies, vulnerabilities, attestations, etc. is a great tool for use cases in this domain. With mechanisms to ingest and certify data from various sources and GraphQL API to later query those data, we see it as a good foundation for our current and future SSCS efforts. Being a true open source initiative with a welcoming community is just a plus.
job: Engineer at Red Hat
img: 3
- name: Hemil Kadakia
quote: At Yahoo, we have found immense value and significant efficiency by utilizing the open source project GUAC. GUAC has allowed us to streamline our processes and increase efficiency in a way that was not possible before. It allows us to ingest large number of SBOMs and also provides an interface to visualize the current state of images & packages used at Yahoo in real time. We look forward to continuing to utilize GUAC and contribute to its growth in any way we can.
job: Sr. Mgr. Software Dev Engineering, Paranoids, Yahoo.
img: 3
- name: Sean Terretta
quote: As the CTO of ClearAlpha, I can't recommend GUAC enough for companies looking to boost their software security. GUAC's innovative approach to software supply chain security helps uncover hidden gaps and threats as we’re downloading dependencies and building apps, making it a perfect fit for our “solve it earlier” mindset at ClearAlpha. It also lines up with our commitment to transparency, open-source principles, and continuous learning. GUAC works well in teams practicing the rugged software manifesto, focusing on strong coding practices, constant testing, and automated tools to enhance security. Plus, its ability to trace risks back to their source aligns with our proactive risk awareness goals, enabling companies to spot and tackle potential issues early on. GUAC is just a fantastic tool to help any organization improve their software security with principles we all should value. If you're a tech founder, you'll definitely want to have GUAC on your team!
job: CTO at ClearAlpha
img: 3
- name: Anoop Gopalakrishnan
quote: GUAC came along as an open-source software at the right time helping us pivot away from building a bespoke solution and involving ourselves with the best minds behind the project. The value we see with GUAC is its flexibility and plugin architecture leading up to helping the users achieve compliance at different levels. The biggest benefit of GUAC has been producing it in the open with a widespread community behind it, from Google to Kusari and others. As the industry progresses, the threats to the software supply chain will become more complex, and relying on a tool backed by people with many years of experience in the area would make things easier for Guidewire to consume.
job: Vice President Of Engineering at Guidewire Software
img: 3
section5: true
footer:
# Logo (from /images/logos/___)
logo: guac-logo-squareish.png
# Social Media Title
socialmediatitle: Follow GUAC
# # Social media links (GitHub, Twitter, etc.). All are optional.
socialmedia:
# # Icons are from Font Awesome
- link: /blog/index.xml
icon: rss
- link: https://youtube.com/@guacsec
icon: youtube
- link: https://github.com/guacsec
icon: github
quicklinks:
column1:
title: "Community"
titleLink: /community
column2:
title: "Blogs"
titleLink: /blogs
column3:
title: "Demos"
titleLink: https://docs.guac.sh/guac-use-cases/
column4:
title: "Docs"
titleLink: https://docs.guac.sh/