Ortelius Open Source

Open Source Continuous Vulnerability Management

Ortelius is a free SaaS vulnerability management platform for open-source projects and small teams, hosted by DeployHub.

What is Open Source Vulnerability Management?

Open Source Vulnerability Management is the process of identifying, tracking, and addressing vulnerabilities in open-source software components. It involves continuously monitoring for potential risks in open-source packages and dependencies, which can be exploited by cyber threats.

An open-source vulnerability management platform can help DevOps manage emerging code-level vulnerabilities in open-source packages. By collecting SBOM and deployment metadata from CI/CD tools like Jenkins, it can enable quick responses to vulnerabilities after static application security checks are completed.

Open-Source Vulnerability Management for Rapid Response to Emerging Threats in CI/CD Pipelines

Ortelius is an open-source vulnerability management platform, incubating at the Continuous Delivery Foundation. Ortelius is an essential tool for keeping up with the thousands of emerging code-level vulnerabilities looming in open-source packages. 

By collecting SBOM and deployment metadata from CI/CD tools like Jenkins, Ortelius enables rapid response to vulnerabilities after your static application security checks are complete. Sign up for Ortelius and get started gathering clues and forensics so you can respond to vulnerabilities fast.

What is Rapid Response?

The ability to identify when your runtime environments contain high-level or critical vulnerabilities that need immediate attention is crucial for maintaining a secure application ecosystem.

While scanning code in repositories helps detect vulnerabilities, it doesn’t necessarily reflect what’s actually being used in production environments.

DeployHub takes SBOM (Software Bill of Materials) reports, analyzes the open source packages within them, and matches those packages to specific production endpoints—pinpointing where vulnerabilities are actively running. This means we can detect when a new open source vulnerability is present in your production environment, even if you’re not using a static code analysis process during your release cycle.

As a result, you can rapidly respond to what matters.


Real-Time Security at DevOps Speed

Find New Vulnerabilities

Zero in on finding new vulnerabilities that are exposing production environments right now.

Focus on What Matters

Cut through the noise to help teams focus only on what matters today, with no manual patching delays. 

Neutralize Vulnerabilities Swiftly

Neutralize code-level vulnerabilities swiftly across all software assets within minutes, not months.

Step 1

Sign Up For Ortelius Open Source

When you sign up for the Ortelius open source platform, you will need a Company Name and a Project Name. The Company Name you enter will be created as your company’s private domain, referred to as your Global Domain. Your Project Name will be used under your company Domain.


Step 2

15 Minute Test Drive

Log in to the Ortelius Open-Source SaaS environment to see how Ortelius manages its own open source vulnerabilities and security profile. This tutorial is a fast and easy way to learn how to manage vulnerabilities.

Step 3

Try It With Your Data - Proof of Concept

Complete a POC that automates Ortelius OS via your CI/CD Pipeline. Ortelius uses a Command Line Interface to automate vulnerability management. We have provided a suggested POC starting point, which includes the CLI integration. Start your Proof of Concept and begin securing your software supply chain.

Join the Community

Join the Ortelius community. Get involved in building the ultimate open source vulnerability management platform.

Ortelius GitHub

Join the Project, open issues, add your name to the README, and explore PRs.

Whitepaper Download

Application Security Tooling in the DevOps Pipeline

Learn how to evolve your DevOps Pipeline to a DevSecOps Pipeline with open-source tooling.

Explore DeployHub

Platform Use Cases

DevSecOps tool for unified visibility

Bridge your dev, security and ops teams through shared insights.

DevOps Tool for Exposing Open-Source

Discover and de-risk open-source usage organization-wide.

DevSecOps Tool SBOM Sharing

Aggregate SBOMs and instantly comply with Executive Order 14028.

DevSecOps tool for security sharing

Continuously monitor security across your entire application portfolio.

DevSecOps Tool vulnerability blast radius

Assess the impact of a vulnerability’s blast radius.

DevSecOps tool for CI/CD pipelines

Transform DevOps pipelines with DevSecOps tool integration.


Take A Tour of Our Platform

See Open Source Vulnerability Management In Action

Sign up for Ortelius SaaS for free and experience our open source vulnerability management platform in action with a quick, hands-on overview. DeployHub Pro is based on Ortelius OS. Ortelius is incubating at the Continuous Delivery Foundation.


Whitepaper Download

Application Security Tooling in the DevOps Pipeline

Learn what is needed to evolve your DevOps pipeline to a DevSecOps pipeline.