May 8th, 2023 - Vancouver, Canada. Today, Ortelius, an open-source project incubating at the Continuous Delivery Foundation (CDF), announced they will incorporate Emporous as an official sub-project to effectively manage the secure software supply chain from metadata to artifact.
Ortelius gathers and aggregates DevOps and Supply Chain intelligence for all types of objects, but does not store the objects themselves. According to Steve Taylor, Sr. Ortelius Contributor and Board Member of the CDF Technology Oversight Committee, “Emporous will be incorporated to enhance metadata search capabilities and provide a single repository to store any type of object from containers to jar files.”
Emporous is a universal object reference initially created by the open-source contributors at Red Hat. Emporous helps organizations effortlessly store, organize and search metadata related to software artifacts along with the artifacts themselves.
Integrating Emporous into Ortelius provides a unique opportunity to support the project goals of effectively categorizing all of the relevant software dependencies, relationships, and security insights, together with the artifacts themselves, in a single location. Managing, discovering, and organizing DevOps and security insights for primary assets is a challenge faced by most organizations.
Ortelius provides mapping support for software systems that use a wide ecosystem of components and dependencies, gathering supplemental resources, like Software Bill of Materials (SBOMs) and vulnerability reports. Emporous will enhance these capabilities to include the artifacts themselves, as well as improve the metadata search capabilities.
According to Vincent Danen, Vice President of Red Hat Product Security and OpenSSF Governing Board Member, “Ortelius, augmented by Emporous, provides exciting opportunities for tracking security data associated with a variety of attributes that meet critical compliance and security data needs at the organizational level. These tools will assist security and operational teams enforce supply chain policies and procedures through easy, automated mechanisms.”
The Ortelius governance board has approved an expansion of two seats to allow for representation from the Emporous community to bring their knowledge and experience to support and steer the project forward into the future.
The Continuous Delivery Foundation (CDF) serves as the vendor-neutral home of many of the fastest-growing projects for continuous integration/continuous delivery (CI/CD). It fosters vendor-neutral collaboration between the industry’s top developers, end users and vendors to further CI/CD best practices and industry specifications. Its mission is to grow and sustain projects that are part of the broad and growing continuous delivery ecosystem.