DeployHub, visionaries in microservice governance, today announced they have won a $75k grant to improve access to, and auditing of, software bill of materials (SBOM) reports, a key tool in hardening cybersecurity. DeployHub will apply the grant funding to the Ortelius.io open-source project, incubating at the Continuous Delivery Foundation. The XRPL Grant program, sponsored by Ripple, provides funding to support software development projects that leverage the open-source XRP Ledger (XRPL).
The Ortelius open-source community will work with DeployHub to extend the open-source governance catalog with an immutable SBOM audit trail. Open-source developers will be able to easily register their packages together with SBOM information, and organizations consuming open-source software will be able to easily access and act upon that SBOM data, CVEs, and other usage information.
“SBOMs are key to understanding the software supply chain; however, they are not well managed, can be easily manipulated, and have no clear audit trail,” explains Steve Taylor, CTO, DeployHub, Inc. “The transactions captured by the XRP Ledger will include the creation of the component version NFT, the creation of the application-level SBOM version, and the consumption of a logical application SBOM version.”
“We are honored to have been awarded the prestigious XRPL Grant, which will allow the Ortelius community to address the gaps in SBOM management and audit. Providing a central store of this critical information will allow all open-source projects to be more secure,” stated Tracy Ragan, CEO, DeployHub.
For more information, read the full DeployHub blog post.
DeployHub’s mission is to empower organizations to achieve business agility through a managed approach to the microservice supply chain, using a unified catalog of services and their usage. Unique to the DeployHub offering is its ability to version services along with their consuming applications, providing visibility into microservice usage and service impact. DeployHub provides a clear view of your microservice supply chain and how it changes over time.