Releases · guacsec/guac

25 Jul 18:11

github-actions

v0.8.0

0c6dc86

v0.8.0 Latest

Latest

Clearly Defined Certifier! (Experimental)
Parse CycloneDX Legal information (#1985)
Add vulnerability scanning on ingestion
[ENT] Implement deletion for certifyVuln, hasSBOM and hasSLSA (#1982).
Keyvalue PR already created (#2033)
Update slsa parser in-toto attestation library (#1988)
Update slsa parser to use ResourceDescriptor (#1988)
[ENT] Fix node , improve package qualifiers query and add missing indexes to speed up query performance (#1989, #1999, #2020 and #2032)
Include e2e tests for guaccollect, guacingest, and ent (#1998)
Change isDependency to be only at the pkgVersion
Fix make all and make build (#2014)

Contributors

What's Changed

8e8bf52 #1996 Improve package's qualifiers query (#1997)
d55629f Add default SECURITY.md policy (#2004)
bf65123 Adds vulnerability scanning on ingestion (#1963)
e1465d9 Bump actions/checkout from 4.1.6 to 4.1.7 (#1972)
681d3b7 Bump actions/create-github-app-token from 1.10.1 to 1.10.3 (#1995)
968c0cc Bump actions/setup-go from 5.0.1 to 5.0.2 (#2025)
3cacb78 Bump actions/setup-python from 5.1.0 to 5.1.1 (#2024)
5b9e79d Bump anchore/sbom-action from 0.16.0 to 0.17.0 (#2023)
c2983b5 Bump aquasecurity/trivy-action from 0.21.0 to 0.22.0 (#1958)
250ecb8 Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 (#1977)
a0c0b73 Bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 (#2026)
f0d7607 Bump cloud.google.com/go/storage from 1.41.0 to 1.42.0 (#1979)
07cea77 Bump entgo.io/ent from 0.13.0 to 0.13.1 (#2005)
57a219f Bump github.com/99designs/gqlgen from 0.17.45 to 0.17.48 (#1961)
d81762c Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#1962)
153f94e Bump github.com/CycloneDX/cyclonedx-go from 0.8.0 to 0.9.0 (#2007)
dad65eb Bump github.com/aws/aws-sdk-go from 1.53.1 to 1.54.3 (#1968)
8ca724a Bump github.com/aws/aws-sdk-go from 1.54.3 to 1.54.6 (#1978)
9052a82 Bump github.com/aws/aws-sdk-go from 1.54.6 to 1.55.0 (#2043)
809acec Bump github.com/aws/aws-sdk-go-v2 from 1.30.1 to 1.30.3 (#2030)
e0a7c6b Bump github.com/aws/aws-sdk-go-v2/config from 1.27.16 to 1.27.19 (#1970)
6139d24 Bump github.com/aws/aws-sdk-go-v2/config from 1.27.19 to 1.27.23 (#1993)
c903f1b Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.55.1 to 1.58.2 (#2027)
3c0319a Bump github.com/fsouza/fake-gcs-server from 1.48.0 to 1.49.2 (#1955)
5114c80 Bump github.com/google/osv-scanner from 1.7.2 to 1.7.4 (#1960)
fb3d62a Bump github.com/google/osv-scanner from 1.7.4 to 1.8.2 (#2013)
f39ad2e Bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7 (#1981)
5d0a9bf Bump github.com/nats-io/nats-server/v2 from 2.10.16 to 2.10.17 (#2029)
c1ddb48 Bump github.com/nats-io/nats-server/v2 from 2.10.17 to 2.10.18 (#2041)
4fe606f Bump github.com/nats-io/nats.go from 1.34.1 to 1.36.0 (#1971)
221a7d3 Bump github.com/pitabwire/natspubsub from 0.1.3 to 0.1.7 (#1990)
9e41590 Bump github.com/redis/go-redis/v9 from 9.5.1 to 9.5.3 (#1954)
5c09ea6 Bump github.com/regclient/regclient from 0.6.1 to 0.7.0 (#2042)
cdfebf3 Bump github.com/sigstore/sigstore from 1.8.3 to 1.8.4 (#1980)
9e41523 Bump github.com/sigstore/sigstore from 1.8.4 to 1.8.6 (#1991)
b18df2d Bump github.com/sigstore/sigstore from 1.8.6 to 1.8.7 (#2028)
3ac1beb Bump github.com/vektah/gqlparser/v2 from 2.5.12 to 2.5.14 (#1966)
1b1ccc5 Bump github.com/vektah/gqlparser/v2 from 2.5.14 to 2.5.16 (#1992)
ecf9206 Bump github/codeql-action from 3.25.10 to 3.25.11 (#1994)
b12ce21 Bump github/codeql-action from 3.25.11 to 3.25.12 (#2022)
693a21c Bump github/codeql-action from 3.25.12 to 3.25.13 (#2045)
f18ba93 Bump github/codeql-action from 3.25.7 to 3.25.8 (#1957)
21e503c Bump github/codeql-action from 3.25.8 to 3.25.10 (#1973)
8a987bd Bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#2012)
546a17e Bump goreleaser/goreleaser-action from 5 to 6 (#1959)
a0762a6 Clearly defined certifier (#2035)
ff4c8af Expose certifier and deps.dev batch size and add optional latency (defaults to none) (#1967)
7306193 Fix Google Container Registry URL typo (#1986)
6443db6 Fix make all and make build (#2014)
41970b6 Fix guacrest docker compose healthchecks (#2001)
82e3f80 Fix the e2e (#2010)
ee17427 Fix the shebang on the e2e script by (#2017)
9a20f1e Fixed Guacone Query Vuln When Keyvalue is Used (#2000)
05de293 Implememnt the proposal in guacsec/governance#8 (#1935)
53a63ab Include e2e tests for guaccollect, guacingest, and ent (#1998)
71dbe34 Move to OpenSSF mail server (#1975)
9d51e44 Parse CycloneDX Legal information (#1985)
8c54ef5 Remove isDependency to pkgName (#2021)
0675b67 Speed up common CertifyVuln ent queries by adding indexes (#1999)
2845fad Speed up isDependency query when spec depPkg has pkgID (#2020)
2d87d8d Update slsa parser to remove deprecated structs (#1988)
bc9361d Updated query known and slsa parser (#2018)
6a63c22 [ENT] Implement deletion for certifyVuln, hasSBOM and hasSLSA (#1982)
0b17411 [ENT] add indexes for common queries on ENT (#2032)
b6754cf [ENT] add missing nodes from the node query (#1989)
a4c36b1 add check for paginated queries for nil values in ent (#2031)
7eccfa9 add missing csub-tls flags for guaccollect (#1951)
0c6dc86 move timestamp up such that it is not skipped (#2046)
0c70002 remove GetMatchFlagsFromPkgInput helper as it was not needed for isDependency (#1933)
e2486e1 support direct connections to ent from the rest api (#1932)
621b66f update to skip type guac purls in deps.dev (#2039)

Contributors

nchelluri, funnelfiasco, and 8 other contributors

Assets 71

guac-compose.tar.gz

3.18 KB 2024-07-25T18:13:22Z
guac-demo-compose.yaml

1.89 KB 2024-07-25T18:13:23Z
guac-postgres-compose.yaml

3.51 KB 2024-07-25T18:13:23Z
guaccollect-darwin-amd64

194 MB 2024-07-25T18:11:17Z
guaccollect-linux-amd64

96.5 MB 2024-07-25T18:11:21Z
guaccollect-linux-amd64.spdx.sbom.json

350 KB 2024-07-25T18:11:35Z
guaccollect-linux-arm

88.4 MB 2024-07-25T18:11:26Z
guaccollect-linux-arm.spdx.sbom.json

348 KB 2024-07-25T18:11:36Z
guaccollect-linux-arm64

93.1 MB 2024-07-25T18:11:25Z
guaccollect-linux-arm64.spdx.sbom.json

350 KB 2024-07-25T18:11:36Z
Source code (zip)

2024-07-25T17:44:43Z
Source code (tar.gz)

2024-07-25T17:44:43Z
Loading

06 Jun 19:42

github-actions

v0.7.2

42599e4

v0.7.2

Fixes for OSV/Scorecard flag initialization via guacCollect

Contributors

@pxp928

What's Changed

42599e4 fix flag initialization and naming (#1950)

Contributors

pxp928

Assets 71

06 Jun 16:26

github-actions

v0.7.1

4204cb0

v0.7.1

Fixes for OSV certifier via guacCollect

Contributors

@pxp928

What's Changed

bb96252 Add nil checks for pkgConn and PackagesList (#1948)
4204cb0 updates to osv collector to fix issues (#1949)

Contributors

pxp928

Assets 71

04 Jun 15:34

github-actions

v0.7.0

64e4b0e

v0.7.0

Include Pagination for KeyValue
Added annotate-metadata command via guacone CLI (Experimental)
WIP for Get Next Actionable Critical Dependencies (Experimental - REST API)
Improved CDX parsing for transitive dependencies
GraphQL - Expose all client queries (paginated and non-paginated)
[ENT] Controlled and automated schema version migration via Atlas
Update certifiers to use paginated query for package and source
Update S3 collector to support collecting from a directory within the bucket

Contributors

What's Changed

8e929e7 --- (#1917)
5402c79 --- (#1918)
79bb957 --- (#1919)
1f57e79 --- (#1920)
febf594 --- (#1923)
b74c853 Added annotate-metadata command (#1906)
efa328a Attach hasSBOM nodes to artifacts instead of packages (#1883)
de5da06 Bump actions/checkout from 4.1.4 to 4.1.5 (#1899)
3ad5153 Bump actions/create-github-app-token from 1.10.0 to 1.10.1 (#1946)
5f2c476 Bump actions/create-github-app-token from 1.9.3 to 1.10.0 (#1900)
098c57a Bump actions/setup-go from 5.0.0 to 5.0.1 (#1898)
e72f98e Bump aquasecurity/trivy-action from 0.19.0 to 0.20.0 (#1912)
e166680 Bump aquasecurity/trivy-action from 0.20.0 to 0.21.0 (#1928)
2ff113d Bump docker/login-action from 3.1.0 to 3.2.0 (#1944)
286c0f8 Bump entgo.io/contrib from 0.4.5 to 0.5.0 (#1894)
a6471c3 Bump github.com/aws/aws-sdk-go from 1.51.12 to 1.53.1 (#1909)
2530c26 Bump github.com/aws/aws-sdk-go-v2/config from 1.27.7 to 1.27.16 (#1929)
4485169 Bump github.com/jedib0t/go-pretty/v6 from 6.5.8 to 6.5.9 (#1907)
19b6d7b Bump github.com/nats-io/nats-server/v2 from 2.10.12 to 2.10.14 (#1895)
dfbf8fd Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1 (#1943)
0faef0a Bump github.com/sigstore/sigstore from 1.8.2 to 1.8.3 (#1896)
64e4b0e Bump github.com/spf13/viper from 1.18.2 to 1.19.0 (#1942)
6ae6785 Bump github/codeql-action from 3.25.6 to 3.25.7 (#1945)
44e16c9 Bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 (#1908)
b588f97 Bump golangci/golangci-lint-action from 5.1.0 to 5.3.0 (#1897)
9da7480 Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (#1911)
7daab4a Bump google.golang.org/api from 0.176.0 to 0.177.0 (#1893)
f126a70 Bump google.golang.org/api from 0.177.0 to 0.180.0 (#1910)
0c83f5d Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#1930)
6a9639b Bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#1913)
d2717a4 Document that the Equals predicates equate only two nouns (#1886)
14cd291 Get Next Actionable Critical Dependencies Part 1 (#1705)
089496d GraphQL - Expose client queries (#1941)
8b702d0 Improved cdx parsing (#1903)
761d672 Include Aggregated Json Logs (#1905)
0970c35 Include Pagination for KeyValue (#1904)
73108d1 Update S3 collector to support collecting from a directory within the bucket (#1871)
51d3218 [ENT] Versioned Migration via Atlas (#1887)
f478bf0 [ENT] add bulk ingest for hasSBOM nodes (#1915)
66e066b publishToQueue feature flag and add certifiers to guaccollect pipeline (#1914)
c27e7c6 add issues/1885 reviewer/owners (#1902)
4dc7c94 add missing atlas to post merge CI (#1891)
c81838c add releases process (#1733)
b1b9a02 expose certifyVuln and hasSLSA query and pagination query on client side (#1936)
a35a679 expose hasSBOM pagination query on client side (#1916)
7ee25d1 expose vulnerability pagination query on client side (#1925)
e3e0f93 fix generate code for linter and static checks (#1940)
1253f28 fix novuln check for ent query (#1939)
529e33b fix: close file (#1924)
c8b8ff3 update certifier to use paginated query for package and source (#1872)
0921628 use deps.dev v3 API (#1890)
ccad6b3 use underscore instead of colon for blob store key (#1937)

Contributors

nchelluri, lumjjb, and 6 other contributors

Assets 71

30 Apr 21:38

github-actions

v0.6.0

a5d1d12

v0.6.0

Highlights

PostgreSQL/Ent is complete, optimized, and supported!
REST API endpoints are starting to appear
CLI commands now allow specifying arbitrary http headers
Ingestor logs now include document references
Document references are attached to nodes as part of source information

Changelog

c0e35bf Add GUAC Version to Logs (#1856)
3bb8b21 Add a transitive dependencies endpoint to the REST API (#1867)
136ad62 Add guaccollect files option to set origin to blob path (#1811)
ae3c1aa Add missing dev tools to nix shell (#1819)
90d95a5 Add standalone postgres compose (#1868)
d95860c Add the ability to specify HTTP headers for CLI commands (to support Auth proxies) (#1845)
c6aaf87 Bump actions/checkout from 4.1.2 to 4.1.3 (#1861)
e2e4121 Bump actions/checkout from 4.1.3 to 4.1.4 (#1875)
3e827b8 Bump actions/create-github-app-token from 1.9.1 to 1.9.2 (#1802)
eca2727 Bump actions/create-github-app-token from 1.9.2 to 1.9.3 (#1823)
5a048cd Bump actions/setup-python from 5.0.0 to 5.1.0 (#1801)
1984c68 Bump anchore/sbom-action from 0.15.10 to 0.15.11 (#1877)
ae9966c Bump anchore/sbom-action from 0.15.9 to 0.15.10 (#1803)
2dc06e2 Bump aquasecurity/trivy-action from 0.18.0 to 0.19.0 (#1804)
17e8bd7 Bump cloud.google.com/go/storage from 1.39.1 to 1.40.0 (#1799)
eed71a5 Bump github.com/99designs/gqlgen from 0.17.44 to 0.17.45 (#1857)
36f1133 Bump github.com/arangodb/go-driver from 1.6.1 to 1.6.2 (#1826)
70babbd Bump github.com/aws/aws-sdk-go from 1.51.7 to 1.51.12 (#1798)
9c1eb23 Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.53.0 to 1.53.1 (#1840)
f0e44fd Bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.31.2 to 1.31.4 (#1825)
fd69617 Bump github.com/fsouza/fake-gcs-server from 1.47.8 to 1.48.0 (#1881)
19506b6 Bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 (#1827)
60d8dc8 Bump github.com/google/osv-scanner from 1.7.0 to 1.7.1 (#1824)
21b65fb Bump github.com/klauspost/compress from 1.17.7 to 1.17.8 (#1882)
1857403 Bump github.com/nats-io/nats.go from 1.33.1 to 1.34.0 (#1800)
a586a92 Bump github.com/nats-io/nats.go from 1.34.0 to 1.34.1 (#1879)
282ea21 Bump github.com/pitabwire/natspubsub from 0.1.2 to 0.1.3 (#1843)
6a164f5 Bump github.com/redis/go-redis/v9 from 9.5.0 to 9.5.1 (#1841)
af5d83e Bump github.com/regclient/regclient from 0.5.7 to 0.6.0 (#1797)
1ea2819 Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.4 (#1860)
bb6b63d Bump gocloud.dev/pubsub/rabbitpubsub from 0.36.0 to 0.37.0 (#1842)
9317e44 Bump golang.org/x/net from 0.22.0 to 0.23.0 (#1853)
80d7d0d Bump golangci/golangci-lint-action from 4.0.0 to 5.1.0 (#1876)
9445fc0 Bump google.golang.org/api from 0.169.0 to 0.172.0 (#1796)
a2c1206 Bump google.golang.org/api from 0.172.0 to 0.176.0 (#1858)
e8e4c30 Bump google.golang.org/grpc from 1.62.1 to 1.63.2 (#1859)
d3f8704 Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#1839)
e69c19f Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 (#1878)
71c5547 Fix GitHub collector to accept explicit tag in urls (#1818)
1381c07 Fix goreleaser flag deprecation warnings (#1814)
db16cdc Fix the Overview Diagram (#1836)
46e8893 Fixes to HTTP Header functionality for CLI commands (#1852)
56ed851 Go generate (#1869)
4741c1c Handle null SPDX relationship values without panicking (#1822)
358205b Include a more descriptive debugger for the collector and processor (#1830)
6100427 Make the CSub GetCollectEntries() RPC response streaming (#1865)
3577d4d Populate SourceInformation.DocumentRef in collectors (#1847)
3f124e3 Remove unused variable (#1851)
ef4658e Run the guacgql HTTP server on only one port (#1805)
d0c51f5 Update error handling on ingestion (#1832)
6638a53 Update gql, parser and backends to add new documentRef field (#1844)
a0a0a82 Update graphQL schema to add documentRef field to all verbs (#1834)
d861241 Update graphQL, resolvers and add backend stubs for pagination (#1862)
c2477fa Update readme with supported backends. (#1873)
8189495 [ENT] Complete ent pagination and update backend tests (#1870)
2ec6bc9 [ENT] fix issue with index on artifact (#1835)
5ff8e90 [ENT] fix trie output for package, source and vulnerability (#1863)
2180123 [Ent] Add missing neighbor, node and path query (#1815)
a5d1d12 [FIX] Ingestor should not ack message on failure (#1874)
d908792 [FIX] implement fixes based on parsing and querying errors for CDX (#1855)
3d6f3c0 [fix] OSV unit test update and replaced deprecated types.Descriptor (#1807)
3dba718 add new re-designed overview diagram for GUAC (#1831)
5b2e267 added github release identifier string type (#1820)
b5e2b39 feat: switch golang/mock to uber-go/mock (#1866)
573a8d8 fix queue to deliver message directly (#1837)
0550c31 remove built in query noder as it was not properly returning the fields in the queried nodes (#1829)

Assets 71

27 Mar 19:50

github-actions

v0.5.2

ef1c2c9

v0.5.2

Highlights

Fix ENT queries
Add missing collectors to guaccollect
Support image references by digest in the OCI collector
Add guacrest to docker-compose
Various bug fixes and improvements

What's Changed

c6a5159 Bump actions/cache from 4.0.1 to 4.0.2 (#1782)
a1b49c5 Bump actions/checkout from 4.1.1 to 4.1.2 (#1776)
0620ad5 Bump actions/create-github-app-token from 1.9.0 to 1.9.1 (#1781)
996f777 Bump anchore/sbom-action from 0.15.8 to 0.15.9 (#1767)
bac5b6d Bump cloud.google.com/go/storage from 1.39.0 to 1.39.1 (#1763)
b87ea96 Bump docker/login-action from 3.0.0 to 3.1.0 (#1775)
ade9c9e Bump github.com/Khan/genqlient from 0.6.0 to 0.7.0 (#1773)
f93a552 Bump github.com/aws/aws-sdk-go from 1.50.36 to 1.51.7 (#1787)
488b99e Bump github.com/aws/aws-sdk-go-v2 from 1.25.3 to 1.26.0 (#1772)
5c5973f Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.1 to 1.51.4 (#1760)
5c56383 Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.4 to 1.53.0 (#1786)
a895253 Bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.29.7 to 1.31.2 (#1766)
b6608f6 Bump github.com/docker/docker (#1778)
e283206 Bump github.com/go-chi/chi from 1.5.5 to 4.1.2+incompatible (#1761)
fe4faee Bump github.com/go-chi/chi/v5 from 5.0.11 to 5.0.12 (#1788)
90fc632 Bump github.com/google/osv-scanner from 1.6.1 to 1.7.0 (#1755)
59897f2 Bump github.com/nats-io/nats-server/v2 from 2.10.11 to 2.10.12 (#1774)
cc5f59f Bump github.com/pitabwire/natspubsub from 0.1.1 to 0.1.2 (#1764)
b69464a Bump github.com/sigstore/sigstore from 1.8.1 to 1.8.2 (#1785)
3100b05 Bump go.uber.org/zap from 1.26.0 to 1.27.0 (#1762)
5cccd5e Bump gocloud.dev from 0.36.0 to 0.37.0 (#1770)
dcf7cef Bump gocloud.dev/pubsub/kafkapubsub from 0.36.0 to 0.37.0 (#1784)
3b007a2 Bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 (#1771)
c85eb0e Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 (#1758)
1357a7c Bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0 (#1783)
755a8e8 Check DependencyType values in isDependency ingestion and queries (#1780)
ac4c273 Include missing collectors (#1759)
f8286dd Included Query for Scorecard (#1791)
638ba85 Included a README for guacrest (#1719)
693be1a Support image references by digest in the OCI collector (#1779)
d41d633 [ENT] Fix all broken queries from the backend test suite (#1790)
6055128 add guacrest to docker and go releaser (#1792)
ef1c2c9 fix health check for rest api (#1793)

Assets 70

07 Mar 21:08

github-actions

v0.5.1

1f9eb7c

v0.5.1

Highlights

Add GitHub release/artifact collector to guacone: guacone collect github.
Fix a validation issue in guac-demo-compose.yaml

Changelog

2b196f5 Add Pagination to the Rest API (#1720)
c3efd23 Bump github.com/cloudevents/sdk-go/v2 from 2.15.1 to 2.15.2 (#1754)
4428d22 Fixed flaky test (#1752)
652c333 Fixed typos (#1751)
249a6f5 Included Guacone Collect Github (#1677)
d4a9a96 Included Polling for Github Collect (#1678)
67e4664 README for the Github Collector (#1731)
1f9eb7c Remove empty depends_on that fails validation. (#1757)
d490212 adds helper function to check for an arango collection index (#1750)
6985a57 move message acknowledgment for pubsub to be done after the ingestion has occured (#1753)

Assets 70

05 Mar 18:45

github-actions

v0.5.0

89019ad

v0.5.0

Highlights

Various updates to the graphQL API
Updated to the ENT backend to make ingestion quicker
Addition of the REST API features and build out
Metrics via Prometheus
Various bug fixes and improvements

What's Changed

ede754a Add Deps.dev collector to guacone (#1661)
89019ad Add a demo level docker compose yaml (#1747)
42f945e Bump actions/cache from 3.3.3 to 4.0.0 (#1653)
642a10c Bump actions/cache from 4.0.0 to 4.0.1 (#1740)
9686503 Bump actions/create-github-app-token from 1.6.3 to 1.6.4 (#1651)
9c3b5d0 Bump actions/create-github-app-token from 1.6.4 to 1.7.0 (#1667)
9e3cd9d Bump actions/create-github-app-token from 1.7.0 to 1.8.0 (#1704)
ceb3192 Bump actions/create-github-app-token from 1.8.0 to 1.8.1 (#1724)
93887c6 Bump actions/create-github-app-token from 1.8.1 to 1.9.0 (#1741)
45356ea Bump anchore/sbom-action from 0.15.3 to 0.15.5 (#1652)
c350930 Bump anchore/sbom-action from 0.15.5 to 0.15.6 (#1668)
3844bcf Bump anchore/sbom-action from 0.15.6 to 0.15.8 (#1691)
a3c3690 Bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 (#1703)
1b58cd4 Bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 (#1742)
a1fd412 Bump cloud.google.com/go/storage from 1.36.0 to 1.37.0 (#1687)
1770712 Bump cloud.google.com/go/storage from 1.37.0 to 1.38.0 (#1716)
033f281 Bump cloud.google.com/go/storage from 1.38.0 to 1.39.0 (#1744)
d597f9e Bump entgo.io/ent v0.13.0 (#1707)
9e5d83d Bump github.com/99designs/gqlgen from 0.17.43 to 0.17.44 (#1715)
60210aa Bump github.com/aws/aws-sdk-go from 1.49.17 to 1.50.6 (#1672)
f7bdab8 Bump github.com/aws/aws-sdk-go from 1.50.6 to 1.50.11 (#1689)
68230c5 Bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.4 (#1725)
b1c67c9 Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.0 to 1.48.1 (#1662)
590df02 Bump github.com/cloudevents/sdk-go/v2 from 2.10.1 to 2.15.0 (#1669)
ce741a7 Bump github.com/cloudevents/sdk-go/v2 from 2.15.0 to 2.15.1 (#1728)
5b8d7a9 Bump github.com/deepmap/oapi-codegen/v2 from 2.0.1-0.20240123090344-d326c01d279a to 2.1.0 (#1713)
0919d31 Bump github.com/fsouza/fake-gcs-server from 1.47.7 to 1.47.8 (#1743)
13b5121 Bump github.com/getkin/kin-openapi from 0.122.0 to 0.123.0 (#1727)
a6c67d3 Bump github.com/google/osv-scanner from 1.4.3 to 1.6.1 (#1657)
b7e84b9 Bump github.com/jedib0t/go-pretty/v6 from 6.5.3 to 6.5.4 (#1673)
755c47e Bump github.com/klauspost/compress from 1.17.4 to 1.17.5 (#1671)
efd46f3 Bump github.com/klauspost/compress from 1.17.5 to 1.17.6 (#1701)
6c45c18 Bump github.com/moby/buildkit from 0.12.2 to 0.12.5 (#1679)
e1d3451 Bump github.com/nats-io/nats-server/v2 from 2.10.9 to 2.10.10 (#1686)
32169e5 Bump github.com/nats-io/nats.go from 1.32.0 to 1.33.1 (#1726)
8eaa7ed Bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 (#1745)
cf9ccd3 Bump github.com/redis/go-redis/v9 from 9.4.0 to 9.5.0 (#1714)
75a5ae7 Bump github.com/regclient/regclient from 0.5.5 to 0.5.6 (#1688)
644b493 Bump github.com/regclient/regclient from 0.5.6 to 0.5.7 (#1700)
91a9be2 Bump github.com/segmentio/kafka-go from 0.4.46 to 0.4.47 (#1655)
315dfef Bump github.com/sigstore/sigstore from 1.8.0 to 1.8.1 (#1654)
ec85ecd Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#1746)
4adbf13 Bump github.com/swaggo/swag from 1.16.2 to 1.16.3 (#1698)
694a8f2 Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#1702)
6e88dab Bump google.golang.org/api from 0.154.0 to 0.157.0 (#1656)
9db9b6a Bump google.golang.org/api from 0.157.0 to 0.160.0 (#1670)
abd5a73 Bump google.golang.org/grpc from 1.60.1 to 1.61.0 (#1685)
e023b46 Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#1690)
d5feab1 ENT - bulk ingestion and update to use IDorInputSpec (#1732)
237ff8c Encoding guesser (#1472)
f750549 Error and exit when initialization fails (#1674)
e9e3551 Fix License node ingestion when no LicenseListVersion provided. (#1738)
431a286 Fix the incorrect callingFuncName in the getNeighborIDFromCursor (#1730)
52a55e4 Github Collector Enhancements (#1566)
dbf92ad Gqlschemafix (#1683)
5fbba0d Id or inputspec (#1708)
645dcbc Implemented key value search (#1711)
e8ff763 Improve guac query vuln error message (#1695)
e2c8157 Included http middleware to measure the graphql response times using prometheus. (#1675)
de3cd11 Included prometheus server for guacql (#1635)
c628147 Move all arango tests to common integration test suite. (#1660)
2169376 Update CONTRIBUTING.md about DCO and CLA. (#1723)
b0969e3 Update default blob-addr to use filesystem (for docker-compose and k8s) (#1666)
f6e9f46 Use filename as qualifier for SBOM file references (#1546)
f393612 Use graphql.HasOperationContext in arangodb assembler (#1659)
db84270 Utilize gocloud and blob store to work around pubsub message size (#1630)
2b3b18e [Rest API] Adds the initial API Spec and guacrest cli. (#1665)
eee82ba abstract pubsub service via gocloud (#1664)
3f2ef06 add purl helper to convert from allPkgTree fragment (#1681)
99a4d54 attempt to fix golangci-lint issues (#1735)
8c27a44 feature: Verify the DSSE envelope if the verifier-key-path and verifier-key-id are provided. Fail the provenance ingestion if the document is not verified. (#1712)
1e337e3 fix: s3 collector (#1658)
f1703bd fix[update-arango-graph] - creates a missing collection in already pr… (#1649)
db6cfcc removing MAX_CONCURRENT_JOBS (#1682)
ef4c295 save qualifiers from golang loop semantics (#1684)
753e57b separate software IDs into packages and artifacts for hasSBOM ingestion (#1718)
c3464f8 update dsse processor to not guess unpacked payload (#1647)
277c791 update hasSBOM ingestion for large SBOMs and increase batch size for bulk ingestion (#1748)

Assets 70

18 Jan 03:36

github-actions

v0.4.0

c3cdc5a

v0.4.0

Highlights

Addition of a new KeyValue backend (Redis and TiKV)
Update and improve guacone CLI
Add new graphQL Custom Directives contains and startswith
Various updates to arangoDB and ENT backend
REST API initial implementation
Various bug fixes and improvements

What's Changed

8336525 1434-docker-compose - backend selection on startup (#1435)
c197a9d 1550 Ent: hasSBOM 'included' implementation (#1583)
8daf872 Add Guacone collect files json.bz2 capability (#1395)
1fb5ee9 Add Redis and TiKV kv stores (#1502)
bb36eab Add benchmark for TiKV (#1579)
ab37eb4 Add comment for id field on PkgSpec (#1631)
df88a40 Add comment on Edge schema to note that edges are bidirectional (#1632)
7176dec Add concurrency to arango hasSBOM query (#1609)
c45498b Add log level configuration (#1422)
cb92e23 Add performance test for redis. (#1562)
a4faf80 Add support for OCI referrers (#1278)
2304b5e Bump actions/cache from 3.3.2 to 3.3.3 (#1642)
cabf7f9 Bump actions/checkout from 3.4.0 to 4.1.1 (#1489)
aa334f6 Bump actions/checkout from 4.1.0 to 4.1.1 (#1423)
47f9756 Bump actions/create-github-app-token from 1.5.0 to 1.5.1 (#1467)
4c9a54f Bump actions/create-github-app-token from 1.5.1 to 1.6.0 (#1516)
1c55d0b Bump actions/create-github-app-token from 1.6.0 to 1.6.1 (#1551)
2bfe69a Bump actions/create-github-app-token from 1.6.1 to 1.6.2 (#1570)
48efadb Bump actions/create-github-app-token from 1.6.2 to 1.6.3 (#1641)
54fe233 Bump actions/download-artifact from 3 to 4 (#1591)
7e4740c Bump actions/github-script from 6.4.1 to 7.0.0 (#1494)
5c32cb5 Bump actions/github-script from 7.0.0 to 7.0.1 (#1515)
67ce224 Bump actions/setup-go from 4.0.1 to 4.1.0 (#1493)
c4c8ca3 Bump actions/setup-go from 4.1.0 to 5.0.0 (#1568)
7bbde8f Bump actions/setup-python from 4.7.1 to 5.0.0 (#1569)
1395ebf Bump actions/upload-artifact from 3 to 4 (#1640)
880b129 Bump anchore/sbom-action from 0.14.3 to 0.15.0 (#1518)
4553605 Bump anchore/sbom-action from 0.15.0 to 0.15.1 (#1552)
65da979 Bump anchore/sbom-action from 0.15.1 to 0.15.3 (#1626)
bfd70a6 Bump aquasecurity/trivy-action from 0.12.0 to 0.13.0 (#1443)
552cf9b Bump aquasecurity/trivy-action from 0.13.0 to 0.13.1 (#1468)
79ffb2f Bump aquasecurity/trivy-action from 0.13.1 to 0.14.0 (#1490)
3e8b997 Bump aquasecurity/trivy-action from 0.14.0 to 0.16.0 (#1571)
5692dc6 Bump aquasecurity/trivy-action from 0.16.0 to 0.16.1 (#1625)
f0c6c23 Bump cloud.google.com/go/storage from 1.33.0 to 1.34.1 (#1462)
a3301cb Bump cloud.google.com/go/storage from 1.34.1 to 1.35.1 (#1492)
68c22cc Bump entgo.io/ent from 0.12.4 to 0.12.5 (#1522)
9fd1846 Bump github.com/99designs/gqlgen from 0.17.37 to 0.17.39 (#1411)
f48cf42 Bump github.com/99designs/gqlgen from 0.17.39 to 0.17.41 (#1553)
645533d Bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#1573)
d9609a3 Bump github.com/arangodb/go-driver from 1.6.0 to 1.6.1 (#1523)
64d2c5b Bump github.com/aws/aws-sdk-go from 1.45.24 to 1.45.26 (#1412)
5cf6cbc Bump github.com/aws/aws-sdk-go from 1.45.26 to 1.46.2 (#1425)
f92473b Bump github.com/aws/aws-sdk-go from 1.46.2 to 1.48.0 (#1521)
4a67771 Bump github.com/aws/aws-sdk-go from 1.48.0 to 1.49.13 (#1613)
c078576 Bump github.com/aws/aws-sdk-go from 1.49.13 to 1.49.17 (#1622)
c13e040 Bump github.com/aws/aws-sdk-go-v2 from 1.20.0 to 1.21.2 (#1447)
d3611c3 Bump github.com/aws/aws-sdk-go-v2 from 1.22.2 to 1.23.5 (#1556)
6d501cc Bump github.com/aws/aws-sdk-go-v2 from 1.24.0 to 1.24.1 (#1621)
4e83d90 Bump github.com/aws/aws-sdk-go-v2/config from 1.18.32 to 1.19.1 (#1446)
21abc32 Bump github.com/aws/aws-sdk-go-v2/config from 1.19.1 to 1.26.1 (#1576)
5a12fd2 Bump github.com/aws/aws-sdk-go-v2/config from 1.26.1 to 1.26.2 (#1612)
25250e2 Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.38.1 to 1.40.2 (#1445)
14c40cb Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.40.2 to 1.42.1 (#1487)
b6246e5 Bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.24.1 to 1.26.0 (#1466)
a95b0bf Bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.24.1 to 1.29.6 (#1614)
f1e2b24 Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#1619)
0ce585b Bump github.com/docker/docker (#1442)
b6f77f3 Bump github.com/fsnotify/fsnotify from 1.6.0 to 1.7.0 (#1486)
604d475 Bump github.com/fsnotify/fsnotify from 1.6.0 to 1.7.0 (#1531)
8ba3f39 Bump github.com/fsouza/fake-gcs-server from 1.47.5 to 1.47.6 (#1428)
1416c0f Bump github.com/fsouza/fake-gcs-server from 1.47.6 to 1.47.7 (#1639)
97cd84f Bump github.com/go-git/go-git/v5 from 5.10.0 to 5.10.1 (#1532)
ed19b9b Bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#1588)
1d48ca9 Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#1409)
00d978b Bump github.com/google/osv-scanner from 1.4.1 to 1.4.2 (#1444)
d0e7461 Bump github.com/google/osv-scanner from 1.4.2 to 1.4.3 (#1488)
63ebfe7 Bump github.com/jedib0t/go-pretty/v6 from 6.4.7 to 6.4.8 (#1429)
f4c68bc Bump github.com/jedib0t/go-pretty/v6 from 6.4.9 to 6.5.3 (#1638)
cb78b8d Bump github.com/klauspost/compress from 1.17.2 to 1.17.3 (#1534)
e08c31e Bump github.com/klauspost/compress from 1.17.3 to 1.17.4 (#1557)
1e4157b Bump github.com/nats-io/nats-server/v2 from 2.10.1 to 2.10.2 (#1418)
778f2c6 Bump github.com/nats-io/nats-server/v2 from 2.10.2 to 2.10.3 (#1427)
02152b2 Bump github.com/nats-io/nats-server/v2 from 2.10.3 to 2.10.4 (#1454)
45e8941 Bump github.com/nats-io/nats-server/v2 from 2.10.4 to 2.10.5 (#1495)
bac74b5 Bump github.com/nats-io/nats.go from 1.30.1 to 1.31.0 (#1408)
0689514 Bump github.com/nats-io/nkeys from 0.4.5 to 0.4.6 (#1455)
a49449a Bump github.com/ossf/scorecard/v4 from 4.13.0 to 4.13.1 (#1464)
a591214 Bump github.com/prometheus/client_golang from 1.17.0 to 1.18.0 (#1637)
c91c538 Bump github.com/redis/go-redis/v9 from 9.3.0 to 9.3.1 (#1600)
7857ed7 Bump github.com/redis/go-redis/v9 from 9.3.1 to 9.4.0 (#1623)
0b7c030 Bump github.com/regclient/regclient from 0.5.1 to 0.5.3 (#1410)
056ca7a Bump github.com/regclient/regclient from 0.5.3 to 0.5.4 (#1519)
79ef3f1 Bump github.com/regclient/regclient from 0.5.4 to 0.5.5 (#1554)
770cf2e Bump github.com/segmentio/kafka-go from 0.4.42 to 0.4.44 (#1463)
6d2150d Bump github.com/segmentio/kafka-go from 0.4.44 to 0.4.46 (#1572)
d619162 Bump github.com/sigstore/sigstore from 1.7.3 to 1.7.4 (#1426)
596c9f9 Bump github.com/sigstore/sigstore from 1.7.4 to 1.7.5 (#1533)
7ae8af7 Bump github.com/sigstore/sigstore from 1.7.5 to 1.7.6 (#1587)
9407c75 Bump github.com/sigstore/sigstore from 1.7.6 to 1.8.0 (#1602)
974f14b Bump github.com/spf13/viper from 1.16.0 to 1.17.0 (#1520)
76e2661 Bump github.com/spf13/viper from 1.17.0 to 1.18.2 (#1589)
c86d904 Bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#1592)
bfa5624 Bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 (#1555)
c0eaaeb Bump google.golang.org/api from 0.148.0 to 0.149.0 (#1465)
56cb4f9 Bump google.golang.org/api from 0.150.0 to 0.152.0 (#1535)
e9ee86b Bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#1620)
fe10b55 Bump goreleaser/goreleaser-action from 4 to 5 (#1517)
e2b35ad Bump ossf/scorecard-action from 2.3.0 to 2.3.1 (#1424)
2b32a09 Bump sigstore/cosign-installer from 3.1.2 to 3.2.0 (#1491)
ba1eb78 Bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#1567)
c308c54 CSAF Parser: fixed branches' names collision (#1528)
18ad0d0 Change Keys method in kv interface to Scan (#1558)
030cf7f Convert default backend from "inmem" to "keyvalue" (#1475)
c5d84b6 Create a single backend acceptance test suite. (#1597)
fb58ab3 Define edges within software tries related nodes (#1450)
f2198ad Enable query on benchmark, fix some Scan() issues in keyvalue (#1585)
2a9a787 Ent - HasMetadata: applied concurrent approach (#1458)
b178fcd Ent - PackageVersion: added index for improving IsDependency ingestion (#1439)
da929fc Ent - Restore IngestPackages concurrently (#1586)
72e03ee Ent - Vulnerability endpoints: applied concurrent approach (#1459)
1b4e681 Ent - VulnerabilityMetadata endpoints (#1416)
7a05b7e Ent: IngestArtifacts optimized using concurrently (#1596)
f6a0a24 Ent: IngestBuilders, IngestCertifyBads, IngestCertifyGoods, IngestCertifyLegals refactored concurrently (#1599)
68210cf Ent: IngestOccurrences optimized with concurrently (#1593)
a599888 Ent: IngestSources optimized with concurrently (#1595)
a20dbc7 Ent: Package,IsDependency concurrent bulk ingestions (#1440)
5521770 Ent: error management when closing Ent client during tests (#1478)
545e294 Ent: fixed lint issue on 'main' (#1598)
7a4373b Feature/arango neighbors nouns query (#1419)
2ad8e2b Feature/arango neighbors verbs with tests (#1420)
09b3c74 Feature/update arango hasSBOM adding includes (#1564)
ab00d12 Fix single target build and remove unused function from test (#1543)
e560250 Fix some error returns without unlocks. (#1581)
0b8fc18 Fix some logic errors on IsDependency (#1627)
565483d Fixed Error in Scorecard Certifier (#1501)
9faa6de Fixed docker-compose down (#1451)
14a79d9 Fixed the incorrect tests for deps_dev (#1400)
c298eea Implemented prometheus (#1500)
1e5a333 Implemented the REST API (#1452)
2af1cc4 Included option to run integration tests locally (#1361)
c72e762 Inlcuded a faster fmt (#1507)
165897d Issue 966: Extend HasSBOM to include references to included software … (#1367)
686ce43 Iterating Over all IDs in QueryVulnsViaVulnNodeNeighbors (#1509)
c5c346c OCI purl: fix repository URL management (#1485)
92bd33e Query fIlter support for nested keys (#1618)
cb550ee Remove extra read locking that will cause deadlock. (#1580)
83b892c S3 collector implementation (#1308)
7144c45 Update ent and arango source model generation. (#1594)
2b1e1ae Update key methods...

Assets 69

13 Oct 20:35

github-actions

v0.3.0

7c3b1b9

v0.3.0

Highlights

Add timestamp fields to certifyBad, certifyGood, and hasSBOM
Ingest SPDX CPEs from externalRefs
Fix the issue with OSV certifier failing to ingest vulnerabilities while polling
Fix noVuln not showing on query known CLI

What's Changed

2c19f25 Add License and CertifyLegal to Arango backend. (#1349)
b7ff00e Add SECURITY-INSIGHTS (#1353)
ffadd34 Add a developer readme to the cli commands. (#1324)
caebd0c Bump actions/create-github-app-token from 1.2.2 to 1.5.0 (#1372)
baae9ca Bump entgo.io/ent from 0.12.4-0.20230918073025-797534a0d1ca to 0.12.4 (#1377)
583c478 Bump github.com/aws/aws-sdk-go from 1.45.20 to 1.45.24 (#1375)
1db53ed Bump github.com/fsouza/fake-gcs-server from 1.47.4 to 1.47.5 (#1376)
686fcad Bump github.com/nats-io/nats-server (#1352)
2f87865 Bump github.com/ossf/scorecard/v4 from 4.12.0 to 4.13.0 (#1374)
ff8bcb9 Bump golang.org/x/net from 0.15.0 to 0.17.0 (#1389)
457ace8 Bump golang.org/x/sync from 0.3.0 to 0.4.0 (#1373)
dc8d75a Bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#1371)
7c3b1b9 Certifier OSV: fixed emit func when polling (#1396)
c923aa6 Ent - HasMetadata (#1365)
64850de Ent - HasMetadata: fix ingesting same twice (#1392)
d18327b Ent - PointOfContact (#1391)
9e65098 Feature/arango node query with updates to inmem unit tests (#1369)
24dc68f Fix lint errors and increase golangci-lint timeout (#1351)
d681a8d Include Timestamps for Verbs (#1338)
542f03f SPDX Parser: ingest CPE from externalRefs (#1347)
b540d46 Support TLS for csub server and clients (#1390)
4652364 Support TLS for graphql server (#1380)
a3299ca Update packages for slices import (#1356)
3b4bc8e Update query used in docs with new vuln structure. (#1385)
e48e534 Wait for guac server to start before running tests (#1383)
a9dc7af [feature] Unionize parsing for cdx SBOM and VEX data (#1247)
c225a8e add flag to toggle getting deps.dev dependencies (#1382)
9254f32 change package version list to a map and add tests (#1332)
9caebd6 edit arangosearch view to exclude subpath search results (#1397)
5ecc2be fix contributor.md broken links to docs (#1393)
d7daa07 fix noVuln type not showing up when querying for known (#1394)
23cdc26 fix: typo (#1379)
09c5879 process PACKAGE_OF relationship in SPDX files (#1337)
51e8fc6 refactor(depversion): avoid unnecessary byte/string conversion (#1384)
70a6fe2 remove gql-test-data as its no longer needed to test the backends (#1355)

Assets 57

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Contributors

What's Changed

Contributors

Contributors

What's Changed

Contributors

Contributors

What's Changed

Contributors

Contributors

What's Changed

Contributors

Highlights

Changelog

Highlights

What's Changed

Highlights

Changelog

Highlights

What's Changed

Highlights

What's Changed

Highlights

What's Changed

Releases: guacsec/guac

v0.8.0

Contributors

What's Changed

Contributors

v0.7.2

Contributors

What's Changed

Contributors

v0.7.1

Contributors

What's Changed

Contributors

v0.7.0

Contributors

What's Changed

Contributors

v0.6.0

Highlights

Changelog

v0.5.2

Highlights

What's Changed

v0.5.1

Highlights

Changelog

v0.5.0

Highlights

What's Changed

v0.4.0

Highlights

What's Changed

v0.3.0

Highlights

What's Changed