# OpenSSF GraphQL API

GUAC aggregates software supply-chain security metadata (SBOMs, attestations, vulnerabilities, signatures) into a queryable graph. GUAC exposes a GraphQL API for supply-chain queries when self-hosted.

**Endpoint:** https://guac.sh

**Documentation:** https://guac.sh/

**References:**

- Documentation: https://docs.guac.sh/