Google has announced the 0.1 Beta version of Graph for Understanding Artifact Composition (GUAC), an open source framework that provides an API for developers to integrate their own tools and policy engines. GUAC aggregates software security metadata from different sources into a graph database, allowing organizations to better understand how one piece of software affects another. This makes it easier to identify potential supply chain attacks and create a patch plan. Additionally, GUAC can certify if a builder is compromised and then query for affected artifacts, allowing the Chief Information Security Officer to create a policy to prevent any software from the affected area from being used.
Source: Hackernews
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.