The clock is ticking. With the Cyber Resilience Act's 2026/2027 deadlines, transparency into your software dependencies is now critical. Other regulations and inner company security also require more transparency when it comes to dependencies in your Software.

The CNCF has proactively built a central, GUAC-based visualization to explore the SBOMs of all its projects. This provides a single, queryable source of truth for the entire cloud-native supply chain.

Let’s take a look at what we built, how we did it, and how you can leverage this open-source model for your company. As it is built on top of Open Source tools and itself is open source, let’s see what you can take advantage of for your own companies.