Open-Source vulnerabilities pose a serious threat in the dynamic and interconnected world of cloud-native environments. Ortelius delivers robust defense with end-to-end monitoring, detailed reporting, and rapid elimination of emerging vulnerabilities across your entire attack surface—from development to production. With Ortelius, you can swiftly patch vulnerabilities as they arise, reducing the risk of costly delays, data breaches, and operational disruptions.
The fragmented nature of decoupled cloud-native architectures often hampers IT teams’ ability to respond effectively to threats. According to Sonatype’s 2024 Report, open-source package vulnerabilities have surged, with 80% remaining unaddressed for over a year. Ortelius eliminates guesswork by pinpointing exactly where affected open-source packages are deployed across the infrastructure, enabling proactive and continuous package remediation.
With Ortelius, you can confidently answer the critical question, “Where is Log4J running?” and stay one step ahead of evolving threats.
The Ortelius Community, managed by the Continuous Delivery Foundation, maintains the latest version, with corporate support from DeployHub, a Continuous Vulnerability Management platform designed to expedite remediation patches for the Enterprise.
Ortelius extends Jenkins by adding continuous vulnerability monitoring for deployed applications. Unlike traditional SCA tools that scan source code or container images during the build, Ortelius focuses on what matters most: what’s actually running in production and is most vulnerable to attack.
From discovering where open-source packages are being used to federating OpenSSF Scorecard and Application Security Posture Management data, Ortelius serves as a central hub for managing, evaluating, and responding to vulnerabilities, and for understanding the risk associated with consuming open-source packages from code to cloud.
Get started with Ortelius using the free SaaS version. Take a quick tutorial and see it in action.
Welcome to SecureChainCon, the premier online micro-conference for DevOps and Security professionals, proudly hosted by the Ortelius open-source community! Get ready for a half-day of engaging sessions and invaluable learning designed to keep you ahead in the fast-paced world of software security and DevOps automation. Our lineup of expert speakers from top organizations will share their insights, best practices, and real-world case studies on seamlessly integrating security into DevOps workflows.
Keynote:
As software development ecosystems grow increasingly complex, the need for intelligent DevOps automation in script analysis and dependency management becomes critical. Join Jon Willis as he explores cutting-edge tools and techniques that leverage AI-driven code parsing and semantic analysis to enhance DevOps workflows. He will discuss the application of Large Language Models (LLMs) such as GPT-4, CodeBERT, and OpenAI Codex in parsing infrastructure and automation scripts, including Jenkinsfile, Dockerfile, Makefile, GitHub Actions, and Terraform. These models facilitate the identification of dependency installations (e.g., apt-get install, pip install, npm install) and pinpoint update points within scripts.
As you work through the process of finding a new role, there are an increasing number of resources available to you. The Ortelius team has curated these resources into useful categories. Most are free or offer initial free access, with some offering paid services.
Get Resources and Links on Job Hunting.
Episode 1: Building Your LinkedIn Personal Brand to Get Noticed, presented by Darrin Straff, CareerStation
Episode 2: Secrets Unveiled: How Employers Find (and Hire) Top Talent, presented by Erin Lovern and Buffie Gresh
Attend CDCon, held at Open Source Summit 2025 in the Mile High City of Denver, Colorado.
Why You Should Attend:
Open Source Summit is the premier event for open source developers, technologists, and community leaders to collaborate, share information, solve problems, and gain knowledge, furthering open source innovation and ensuring a sustainable open source ecosystem. It is the gathering place for open-source code and community contributors.
Open Source Summit is a conference umbrella, composed of a collection of events covering the most important technologies, topics, and issues affecting open source today, including CDCon, where DevOps is explored and improved.
Abraham Ortelius made his name by collecting data from scientists, geographers, and cartographers of his time and transforming it into what the world now knows as a world Atlas. His Atlas, titled Theatrum Orbis Terrarum (Theatre of the World), was published on May 20, 1570. His Atlas disrupted the way the world was seen, with the first concepts imagining continental drift. Also of interest are the sea monsters shown in the water – mythical creatures that were a subject of fascination in Ortelius’ generation.
Ortelius also, in some ways, created an open source community of his day. To accomplish his goal, he was the first cartographer to give credit to his fellow scientists by adding their names to the Atlas. Ortelius was known to have corresponded with other professionals throughout Europe and pulled together their knowledge to create his publication and a truly global view of the world.
Thank you, Abraham Ortelius, for showing us the way.