Track the Numerous Changes Moving Through the CI/CD Pipeline

Assess the Impact of Changes and Track them Effectively

Continuously Track Changes in Your Software Supply Chain


Know What Changed and What is Impacted

Ortelius provides the necessary tools to track the numerous changes moving through the CI/CD pipeline in a decoupled architecture. It offers critical data to understand why and by whom an artifact (such as a container, API, or microservice) was updated, and which consumers the update impacts. By integrating DevSecOps data directly into the CI/CD pipeline, Ortelius helps assess the impact of changes and track them effectively.

Each change introduces potential risks from new open-source packages, which may come with vulnerabilities. With hundreds of thousands of vulnerabilities discovered annually, identifying critical ones is vital. Ortelius generates comparison reports and tracks the “blast radius” of every shared component, including its open-source package details. It also aggregates this data at the logical application level, providing insights for both individual components and collections of components delivered to end users.

Figure: application comparison report
Figure: federated SBOM

Tracking Components to Logical Application Versions

The Ortelius vulnerability evidence store tracks component versions, which collectively make up application versions. Each time a component is updated, a new logical version of all consuming applications is generated, along with updated SBOMs and CVE analyses. This version tracking is also linked to the environments where the changes are deployed, providing a complete inventory of components across all environments.

Since components include versions of open-source packages based on their SBOMs, Ortelius can show exactly where each open-source package is installed. This visibility allows CISO teams to quickly assess risks and respond to supply chain security events.
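The roll-up described above (component versions that aggregate into logical application versions, each with an aggregate SBOM and an environment inventory) as an added toy model written for this page; it is not Ortelius code, and the component, application, package and environment names are constructed sample values:

```python
from collections import defaultdict, namedtuple

ComponentVersion = namedtuple("ComponentVersion", "name version sbom")  # sbom: (package, version) pairs

class EvidenceStore:
    def __init__(self):
        self.components = {}               # component -> latest ComponentVersion
        self.consumers = defaultdict(set)  # component -> applications that consume it (blast radius)
        self.app_versions = {}             # app -> {logical version: {component: ComponentVersion}}
        self.deployed = defaultdict(dict)  # environment -> {app: deployed logical version}

    def _new_app_version(self, app, components):
        versions = self.app_versions.setdefault(app, {})
        versions[len(versions) + 1] = components

    def register_app(self, app, component_names):
        for name in component_names:
            self.consumers[name].add(app)
        self._new_app_version(app, {n: self.components[n] for n in component_names})

    def update_component(self, cv):
        # One component update yields a new logical version of every consuming application
        self.components[cv.name] = cv
        for app in self.consumers[cv.name]:
            latest = self.app_versions[app][max(self.app_versions[app])]
            self._new_app_version(app, {**latest, cv.name: cv})

    def deploy(self, env, app, version):
        self.deployed[env][app] = version

    def app_sbom(self, app, version):
        # Aggregate SBOM of a logical application version: union of its components' SBOMs
        return frozenset().union(*(c.sbom for c in self.app_versions[app][version].values()))

    def where_installed(self, package, version=None):
        # (env, app, logical version) triples whose deployed aggregate SBOM contains the package
        return {(env, app, ver) for env, apps in self.deployed.items() for app, ver in apps.items()
                if any(p == package and version in (None, v) for p, v in self.app_sbom(app, ver))}

def build_sample_store():
    # Constructed sample data: two applications share the "auth-svc" component
    s = EvidenceStore()
    s.update_component(ComponentVersion("auth-svc", "1.0", frozenset({("jwt-lib", "2.1")})))
    s.update_component(ComponentVersion("billing", "3.4", frozenset({("pdfgen", "0.9")})))
    s.register_app("storefront", ["auth-svc", "billing"])
    s.register_app("admin-portal", ["auth-svc"])
    s.deploy("prod", "storefront", 1); s.deploy("prod", "admin-portal", 1)
    s.update_component(ComponentVersion("auth-svc", "1.1", frozenset({("jwt-lib", "2.2")})))
    s.deploy("staging", "storefront", 2)  # only storefront's new version has been promoted so far
    return s
```

Querying `where_installed("jwt-lib", "2.1")` on the sample store answers the CISO question from the text: both production deployments still carry the old package version, while only staging has picked up the update.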


Conclusion and Get Started

From discovering where open-source packages are being used, to federating OpenSSF Scorecard and Application Security Posture Management data, Ortelius serves as a central hub for managing, evaluating, and responding to vulnerabilities, and for understanding the risk associated with consuming open-source packages from code to cloud.

Get started with Ortelius using the free SaaS version. Take a quick tutorial and see it in action.