Graph for Understanding Artifact Composition (GUAC) adds persistent storage in v0.6.0 release

Takeaways & Learnings

Overview of the SPIFFE/SPIRE CSI Driver

There’s a misconception in Cybersecurity among some that Software Supply Chain Security is just Third Party Risk Mana...

Executive Order (EO) 14028, Improving the Nation’s Cybersecurity was released last year in May.

Understanding and maintaining your software supply chain can be a task that needs 24/7 vigilance.

KubeCon + CloudNativeCon is right around the corner and we are excited to be attending in person!

Heartbleed (CVE-2014-0160) in 2014 left the industry in a scramble...

What is Software Supply Chain security, and why should I care?

Understanding Zero Trust and Its Benefits

A Story of Software and Cats

We’re excited to announce the open-sourcing of Spector.

Kusari is excited to announce the v0.1 beta release of GUAC — Graph for Understanding Artifact Composition.

Working towards determining a persistent database for GUAC

Tim appeared as a guest on the daBOM podcast.

Helm Chart for GUAC

A look into Guidewire's software supply chain security use case and why they are using GUAC

Kusari have just launched a YouTube Channel!

CVE-2023-38545 - HIGH Severity Vulnerability

GUAC's OpenVEX Integration

The missing first step that most organizations are still struggling with

Kusari elected to OpenSSF leadership roles

Kusari raises seed funding

Kusari speaking at FOSDEM and other EU community venues

Nathan Naveen, a 17-year-old high schooler, shares his journey to becoming an intern at Kusari

Today, we find ourselves in a moment akin to proud parents, as we witness a significant milestone in the journey of Graph for Understanding Artifact Composition (GUAC).

The GUAC maintainers are pleased to announce the project has joined the Open Source Security Foundation (OpenSSF) as an Incubating Project.

The recent incident involving the XZ backdoor brings to light the critical importance of vigilance and proactive security measures, while not losing sight of the human element.

Gone are the days when signing containers and running vulnerability scans through CI processes provided a sense of security.

Improving performance with pagination and more

CVE IDs don't tell you much, but somehow we started using them as a proxy for security

The Secure By Design Pledge is a great starting point, but it can’t be the end.

How you handle your dependencies will change how you secure your software supply chain

Only two months left until the Secure Software Development Attestation Form deadline

It's not enough to just have the data, you need to be able to see it.

GUAC v0.8.0 brings support for license information, running vuln scans upon SBOM ingestion, node deletion, and many other improvements.

Actionable insights come from SBOMs plus additional information

Practical ways to protect against AI software attacks

v0.8.0 features new integration with ClearlyDefined

The White House commits $11 million to enhance our collective understanding of the challenges surrounding open source software.

Organizations often struggle to identify vulnerabilities and risks hidden within the layers of dependencies. Address it by using a holistic approach to software security.

Navigating modern software development is a complex challenge. Kusari’s aim is to make it easier.

Secure development starts with developers: bring forth the code masters

Addressing Common Vulnerabilities and Exposures (CVEs) is no longer optional—aiming to eliminate them is a critical priority for securing modern systems.