Use the Evidence You Already Collect
Ortelius is the go-to place for DevOps and Security engineers to view and analyze security intelligence. The Ortelius evidence store collects data generated by existing tools such as SBOM tools, Software Composition Analysis tools, CVE databases, and deployment data. Security and DevOps tools are called by the DevOps process. In a decoupled architecture, pipelines are executed for every independently deployed container. This causes DevOps and Security data to be fragmented across tools or left in the build directory where the DevOps pipeline was executed, making it difficult to see a complete software application's security profile, CVEs and SBOMs. By aggregating the data, Ortelius provides CISO and Development teams sweeping views of the critical software supply chain intelligence needed for rapidly responding to cyber threats. Most important, Ortelius shows your open-source usage and details across the organization with ['logical applications'](/microservicemapping/) mapping. Some of the data collected by Ortelius includes:
In a decoupled architecture, component updates drive new application versions. Each time a shared component is updated, all of the consuming 'logical' applications have new SBOMs. Because Ortelius versions the overall supply chain, it automatically provides a new aggregated application-level SBOM for every component update. This information is critical for meeting Government SBOM requirements such as EO 14028.
Component Usage
The Ortelius evidence store is a critical piece of the overall software supply chain security puzzle. Ortelius gathers and analyzes existing DevOps and security data and aggregates it to the application and organizational levels. This centralized data simplifies the jobs of CISO and development teams when a supply chain event occurs. Ortelius provides a full inventory of where open-source packages are running, which application team consumes the package, and which component included the package. These details can be viewed from an organizational level, giving teams the critical information they need to rapidly respond to threats and anomalies.
Using or want to use Ortelius? Find out more here:
If you want to get more involved by contributing to Ortelius, join us here: