config.yaml
baseURL: /
languageCode: en-us
publishDir: public/
canonifyURLs: true
title: guac
theme: hugo-fresh
googleAnalytics: G-VVPLWNX4L9
outputs:
  home:
    - html
  section:
    - html
    - rss
services:
  rss:
    limit: 10
markup:
  goldmark:
    renderer:
      unsafe: true # Allows you to write raw html in your md files
pagination:
  pagerSize: 10
params:
  date_format: "2006-01-02"
  include_footer: true
  # Open graph allows easy social sharing. If you don't want it you can set it to false or just delete the variable
  openGraph: true
  # Used as meta data; describe your site to make Google Bots happy
  description:
  navbarlogo:
    # Logo (from static/images/logos/___)
    image: logos/guac-logo-squareish.png
    link: /
    text: GUAC
  font:
    name: "Open Sans"
    sizes: [400,600]
  hero:
    # Main hero title
    title: Know your software supply chain
    # Hero subtitle (optional)
    subtitle: GUAC projects give you directed, actionable insights into the security of your software supply chain.
    # Hero image (from static/images/___)
    image: logos/guac-logo.png
  # Customizable navbar. For a dropdown, add a "sublinks" list.
  navbar:
    - title: GUAC
      url: /guac
    - title: Trustify
      url: /trustify
    - title: Community
      url: /community
    - title: Contributing
      url: /contributing
    - title: Blog
      url: /blog
    - title: Docs
      url: https://docs.guac.sh/
    - title: GitHub
      url: https://github.com/guacsec/
      button: true
  sectionProjects:
    title: GUAC projects
    coreProjects:
      - title: GUAC
        logo: guac-logo.png
        text: GUAC (Graph for Understanding Artifact Composition) aims to fill in the gaps by ingesting software metadata, like SBOMs, and mapping out relationships between software. When you know how one piece of software affects another, you’ll be able to fully understand your software security position and act as needed.
        url: /guac
      - title: Trustify
        logo: trustify.png
        text: The Trustify project is a collection of software components that enables you to store and retrieve Software Bill of Materials (SBOMs), and advisory documents. Developers can use this information to learn about common security vulnerabilities and dependency changes within their software supply chain.
        url: /trustify
    additionalProjects:
      - title: sw-id-core
        url: https://github.com/guacsec/sw-id-core
  sectionCollab:
    title: In Open Source collaboration with
    orgsBig:
      - name: Google
        logo: google.png
        # <!-- logos at images/logos/ -->
        link: https://google.com/
      - name: Kusari
        logo: kusari.svg
        link: https://kusari.dev
      - name: Red Hat
        logo: red-hat.png
        link: https://redhat.com
    orgs:
      - name: Purdue University
        link: https://www.purdue.edu/
        logo: purdue.png
      - name: Citi
        link: https://www.citi.com/
        logo: citi.png
      - name: and many open source contributors...
        link: https://github.com/guacsec/guac/contributors
  section1:
    title: How GUAC can help you
    subtitle: These are just a few examples of insights that GUAC can give you to improve your software security posture
    tiles:
      - title: Unveils gaps
        icon: binoculars
        texts:
          - text: Find the most used critical components in a software supply chain ecosystem
          - text: Track if all binaries in production trace back to a securely managed repository
          - text: Prevent supply chain compromises before they happen
          - text: Find exposures to risky dependencies
        url: https://github.com/guacsec/guac
        buttonText: Find GUAC
      - title: Compliance
        icon: check
        texts:
          - text: Determine ownership of applications by organization
          - text: Look for evidence that the application you're about to deploy meets your organization's policies
          - text: Determine which application is missing SBOM or SLSA attestations
          - text: Conduct SBOM Diffs to quickly determine changes between versions
        url: https://github.com/guacsec/guac
        buttonText: Get GUAC
      - title: Threat Detection
        icon: skull-crossbones
        texts:
          - text: Determine the blast radius of a bad package or a vulnerability and provide information and a patch plan towards remediation
          - text: Track a suspicious project lifecycle event back to when it was introduced
          - text: Obtain greater insight into vendor software vulnerabilities via VEX and project deprecation
        url: https://github.com/guacsec/guac
        buttonText: Eat GUAC
  sectionOpenssf:
    title: GUAC is an OpenSSF Incubating Project!
    image: logos/openssf-incubating.png
    subtitle: The Graph for Understanding Artifact Composition (GUAC) maintainers are pleased to announce the project has joined the Open Source Security Foundation (OpenSSF) as an Incubating Project in the Supply Chain Integrity Working Group.
    buttonText: Learn More
    buttonLink: "https://openssf.org/projects/guac/"
  footer:
    # Logo (from /images/logos/___)
    logo: guac-logo-squareish.png
    # Social Media Title
    socialmediatitle: Follow GUAC
    # # Social media links (GitHub, Twitter, etc.). All are optional.
    socialmedia:
      # # Icons are from Font Awesome
      - link: /blog/index.xml
        icon: rss
      - link: https://youtube.com/@guacsec
        icon: youtube
      - link: https://github.com/guacsec
        icon: github
    quicklinks:
      column1:
        title: "Community"
        titleLink: /community
      column2:
        title: "Blogs"
        titleLink: /blogs
      column3:
        title: "Demos"
        titleLink: https://docs.guac.sh/guac-use-cases/
      column4:
        title: "Docs"
        titleLink: https://docs.guac.sh/