Ortelius Open Source
Ortelius is a free SaaS vulnerability management platform for open-source projects and small teams, hosted by DeployHub.
Open Source Vulnerability Management is the process of identifying, tracking, and addressing vulnerabilities in open-source software components. It involves continuously monitoring for potential risks in open-source packages and dependencies, which can be exploited by cyber threats.
An open-source vulnerability management platform can help DevOps manage emerging code-level vulnerabilities in open-source packages. By collecting SBOM and deployment metadata from CI/CD tools like Jenkins, it can enable quick responses to vulnerabilities after static application security checks are completed.
Ortelius is an open-source vulnerability management platform, incubating at the Continuous Delivery Foundation. Ortelius is an essential tool for keeping up with the thousands of emerging code-level vulnerabilities looming in open-source packages.Â
By collecting SBOM and deployment metadata from CI/CD tools like Jenkins, Ortelius enables rapid response to vulnerabilities after your static application security checks are complete. Signup for Ortelius and get started gathering clues and forensics so you can respond to vulnerabilities fast.
The ability to identify when your runtime environments contain high-level or critical vulnerabilities that need immediate attention is crucial for maintaining a secure application ecosystem.
While scanning code in repositories helps detect vulnerabilities, it doesn’t necessarily reflect what’s actually being used in production environments.
DeployHub takes SBOM (Software Bill of Materials) reports, analyzes the open source packages within them, and matches those packages to specific production endpoints—pinpointing where vulnerabilities are actively running. This means we can detect when a new open source vulnerability is present in your production environment, even if you’re not using a static code analysis process during your release cycle.
As a result, you can rapidly respond to what matters.
Zero in on finding new vulnerabilities that are exposing production environments right now.
Cut through the noise to help teams focus only on what matters today, with no manual patching delays.Â
Neutralize code-level vulnerabilities swiftly across all software assets within minutes, not months.
Step 1
When you sign up for the Ortelius open source platform, you will need a Company and Project Name to sign up. The Company Name you enter will be created as your company’s private domain, referred to as your Global Domain. Your Project Name will be used under your company Domain.
Step 2
Login to the Ortelius Open-Source SaaS environment to see how Ortelius manages its own open source vulnerabilities and security profile. This tutorial is a fast and easy way to learn how to manage vulnerabilities.Â
Step 3
Complete a POC that automates Ortelius OS via your CI/CD Pipeline. Ortelius uses a Command Line Interface to automate vulnerability management. We have provided a suggested POC starting point, which includes the CLI integration. Start your Proof of Concept and begin securing your software supply chain.
Whitepaper Download
Learn how to evolve your DevOps Pipeline to a DevSecOps Pipeline with open-source tooling.
Explore DeployHub
Take A Tour of Our Platform
Sign up for Ortelius SaaS for free and experience our open source vulnerability management platform in action with a quick, hands-on overview. DeployHub Pro is based on Ortelius OS. Ortelius is incubating at the Continuous Delivery Foundation.Â
Mailing Address:
30 N Gould St Ste 36977 Sheridan, WY 82801-6317 US
Phone:
505.424.6440
Learn what is needed to evolve your DevOps pipeline to a DevSecOps pipeline.
