Open-Source Software Security

Discover and De-Risk Open-Source

DeployHub Pro Evaluates the Security Posture of Open-Source Software in Your Supply Chain

Open-Source Software Security Tool

Manage your open-source software security with the DeployHub vulnerability management platform. DeployHub Pro helps you maintain the security profile and inventory of the open-source software you consume through the software supply chain. It helps you make rapid and informed decisions about open-source usage across all system assets within your infrastructure – code to cloud.

DeployHub Pro integrates with the security tools commonly used by open-source projects, like OpenSSF Scorecard. It consolidates the results and presents them on a unified dashboard, offering teams a comprehensive view of the security posture of the open-source packages they rely on. 

Key Concept

Open-source software is software that is publicly available for people to freely use, modify, and share. Learn more about OSS security for organizations.

Open Source Software Security Platform Capabilities

Here’s how DeployHub Pro helps expose open-source software security risks.

Expose Open Source Security Risks

Monitoring the inventory of open-source software is a key function of DeployHub Pro’s central watch system. DeployHub Pro continuously monitors and collects application security forensics for every software release, exposing the open-source packages used across all of your system assets.

Organizations can continuously monitor and collect application security forensics for every software release, exposing open-source packages across all system assets within their infrastructure.

Open-Source Software Security in a Decoupled Environment

DeployHub Pro helps simplify decoupled architectures by tracking how individual services are shared across the building blocks of software systems. Security data and open-source packages are spread across hundreds of independently deployed components in decoupled architectures. 

Using the DeployHub Pro platform, teams can aggregate component data up to all logical applications that consume the component to simplify the complexities of decoupled, cloud-native architectures. The result is the restoration of the logical application version, logical application SBOMs, and consolidated CVE reports. 

Rapid Response to OSS Security Vulnerabilities

DeployHub Pro’s central watch system is critical for rapidly responding to open-source software security vulnerabilities.

A simple search based on the package name can quickly provide a list of where the package is running and what it is impacting. This view can be seen from the component, application, or environment perspective. In other words, DeployHub Pro can easily answer the question, “Where is Log4j running?” A simple query against the DeployHub Pro evidence store will provide you with the answer.

 

A Component’s OpenSSF Scorecard results.

Whitepaper Download

Sharing SBOM Data Explored

In a decoupled architecture, an Application-Level Software Bill of Materials (SBOM) report is typically unavailable. Discover how DeployHub Pro addresses this challenge.

See Continuous Vulnerability Management In Action

Explore Ortelius open-source. Sign up for Ortelius SaaS and experience vulnerability management in action with a quick, hands-on overview. DeployHub Pro is based on Ortelius OS. Ortelius is incubating at the Continuous Delivery Foundation.