A Central Vulnerability Evidence Store for DevSecOps
Open-Source Continuous Vulnerability Management
Code-level vulnerabilities pose a significant risk in the intricate landscape of cloud-native environments. Ortelius provides end-to-end monitoring, reporting, and faster remediation of security issues throughout the software supply chain. With Ortelius, organizations can swiftly address vulnerabilities in open-source packages, reducing the risk of costly delays and potential security incidents.
Many IT teams struggle to respond to threats due to the fragmented nature of decoupled, cloud-native architecture. Sonatype’s 2024 Report shows a 156% increase in open-source package vulnerabilities, exceeding 512k, with 80% of them unaddressed for over a year. Ortelius streamlines the remediation process by showing where impacted open-sources packages are running across the infrastructure for continuous package remediation.
The Ortelius Community, managed by the Continuous Delivery Foundation, maintains the latest version, with corporate support from DeployHub.
With Ortelius, you can easily answer the question, “where is Log4J running?”
Ortelius Use Cases
Sign-up and Get Started Managing Vulnerabilities
From discovering where open-source packages are being used, to federating OpenSSF Scorecard and Application Security Posture Management data, Ortelius serves as a central hub for managing, evaluating, and responding to vulnerabilities, and understanding the risk associated to consuming open-source packages from code to cloud.
Get started with Ortelius using the free SaaS version. Take a quick tutorial and see it in action.
Get Involved
Holiday Gathering December 11th, 20024
Join us on Wednesday, December 11th, 2024 for our annual celebration of the Ortelius Contributor Community.
Why You Should Attend:
- Show your support for our dedicated Committers.
- Learn how to gather SBOM data via the CI/CD Pipeline.
- See how Ortelius leverages SBOM data to expose newly reported vulnerabilities across your Software Supply Chain.
8:30-9:30 Beer and Donuts
Celebrate the dedicated committers that make up the Ortelius Family. Awards will be given to top Ambassadors, Champions and Legends.
9:45 - 11:30 Uncovering Code-Level Vulnerabilities: Strengthening Your CI/CD Pipeline for Continuous Vulnerability Management
Take a tutorial that walks you through how to manage vulnerabilities in real-time with Ortelius, and see how Ortelius serves as a single dashboard for security reporting, including OpenSSF Scorecard metrics. The team will then give a demo on how to integrate security tooling into your CI/CD pipeline using the Ortelius command line interface. It is time to start generating and consuming SBOM data as part of the DevOps pipeline. Ortelius makes it easy.
Our Inspiration
Abraham Ortelius
Abraham Ortelius made his name by collecting data from scientists, geographers, and cartographers of his time and transforming it into what the world now knows as a world Atlas. His Atlas, titled Theatrum Orbis Terrarum (Theatre of the World), was published on May 20, 1570. His Atlas disrupted the way the world was seen, with the first concepts imagining continental drift. Also of interest are the sea monsters shown in the water – mythical creatures that were a subject of fascination in Ortelius’ generation.
A Thought Leader in Sharing
Ortelius also in some ways created on open source community of his day. To accomplish his goal, he was the first cartographers to give credit to his fellow scientists by adding their names to the Atlas. Ortelius was known to have corresponded with other professionals throughout Europe and pulled together their knowledge to create his publication and a truly global view of the world.
Thank you Abraham Ortelius for showing us the way.