GUAC is a tool which ingests Software Bill of Materials (SBOM)s and other data into a graphdb and offers queryability on top of it.
They should eventually support ingestion from an s3 compatible bucket. This will be a big portion of Supply Chain Security.