GUAC+Trustify: Building a Common Supply Chain Knowledge Graph (OpenSSF Community Day)

At OpenSSF Community Day Europe, Dejan Bosanac and I presented on Trustify joining the GUAC community.

Abstract: The superpower of open source is multiple people working together on a common goal. That works for projects, too. GUAC and Trustify are two projects bringing visibility to the software supply chain. Now they’re combining under the GUAC umbrella as a unified effort to address the challenges of consuming, processing, and utilizing supply chain security metadata at scale. The grand vision for this evolved community is to become the central hub within OpenSSF for initiatives focused on building and using supply chain knowledge graphs. This includes: defining & promoting common standards, data models, & ontologies; developing shared infrastructure & libraries; improving the overall tooling ecosystem; fostering collaboration & knowledge sharing; and providing a clear & welcoming community for contributors.

Date: 28 August 2025

Location: Amsterdam, NL

This post’s featured photo by Moisés Guimarães. Used under the CC BY 3.0 license.

Ben is the Open Source Community Lead at Kusari. He formerly led open source messaging at Docker and was the Fedora Program Manager for five years. Ben is the author of Program Management for Open Source Projects. Ben is an Open Organization Ambassador and frequent conference speaker. His personal website is Funnel Fiasco.
