An independent, evidence-based trust comparison of Garak and Guardrails AI, two Security & Guardrails projects in the HVTracker registry. Scores come from public, checkable signals — supply-chain provenance, OSSF Scorecard, maintenance, and adoption — not popularity.
| Signal | Garakleondz/garak | Guardrails AIguardrails-ai/guardrails |
|---|---|---|
| HVTrust score | 58.1 | 82.8 |
| Evidence grade | C | A |
| Coverage grade | A | A |
| Overall rank | #215 | #43 |
| Rank in Security & Guardrails | #4 | #1 |
| GitHub stars | 8.4k | 7.1k |
| Last updated | 1d ago | 1d ago |
| Build provenance | No | Yes |
| OSSF Scorecard | 4.8 / 10 | 6.0 / 10 |
| License | Apache-2.0 | Apache-2.0 |
| Downloads | 14k/wk | 41k/wk |
| Trust dimensions (points earned) | ||
| Safety / integrity / 25 | 9.8 | 20.0 |
| Identity & provenance / 18 | 10.8 | 18.0 |
| Transparency / 17 | 12.6 | 13.6 |
| Maintenance / 20 | 17.5 | 17.6 |
| Adoption / 20 | 15.0 | 15.4 |
| Runtime capability surface (full matrix) | ||
| MCP server | — | — |
| External providers | 3 — Amazon Bedrock, Anthropic, OpenAI | 2 — Anthropic, OpenAI |
| Requires API keys | Yes | Yes |
| Plugin surface | plugins | — |
| Provenance drift | Warning | Unknown |
How to read this: HVTrust (0–100) weighs supply-chain signals (provenance, OSSF Scorecard, signed commits, open license) alongside real-world adoption, scaled by an evidence-confidence factor. Grade bands: A ≥ 80, B ≥ 65, C ≥ 50, D < 50. Signals refresh daily. Full methodology v4.2 →