Merge pull request #62 from funnelfiasco/add_guac

Add GUAC to the catalog

SBOM-Catalog/public/data.yaml

@@ -578,3 +578,19 @@
     - Validate
   Type:
   Language:
+
+- Name: GUAC
+  Link: https://github.com/guacsec/guac
+  Publisher: GUAC (OpenSSF)
+  License: OpenSource
+  Standards:
+    - CycloneDX
+    - SPDX
+  Abilities:
+    - Consume
+  Type: 
+    - Source
+    - Build
+    - Analyzed
+  Language:
+    - Generic

SBOM-Catalog/public/descriptions/GUAC.md

@@ -0,0 +1,12 @@
+[Graph for Understanding Artifact Composition](https://guac.sh) (GUAC)  provides supply chain observability with a graph view of the software supply chain and tools for performing queries to gain actionable insights.
+
+GUAC is for developers, operations, and security practitioners who need to identify and address problems in their software supply chain, including proactively managing dependencies and responding to vulnerabilities.
+
+GUAC has three key differentiating features from other tools in this space
+
+* **Works on more than one SBOM at a time.**
+This allows observability into the entire software portfolio instead of application-by-application.
+* **Aggregates additional data beyond the SBOM.**
+GUAC brings in data like dependencies and vulnerabilities from trusted third-party sources, enriching the supply chain graph.
+* **Provides APIs and a visualization tool.**
+GUAC’s query and visualization tooling let the user get the answers to the questions they need to ask.