Platform Use Cases
DeployHub integrates seamlessly with CI/CD tools like Jenkins and Helm to embed security from build through deployment. Real-time checks at each stage pinpoint vulnerabilities as they arise, enabling fast and cost-effective remediation. Using the Ortelius open-source CLI, it tracks vulnerabilities across all component versions to deliver Continuous Vulnerability Management and a hardened DevSecOps pipeline.
The DeployHub Platform
Enhance your DevOps process with DeployHub’s DevSecOps Pipeline integration. Associate SonarQube Project Status, Bugs, Code Smells, and Violations metrics to your Component Version. Associating these metrics enables compliance scoring for Application Versions, since the metrics are rolled up from the Component Versions to the Application Version.
DeployHub can associate a Veracode Security Scan with your Component Version. Associating these metrics enables compliance scoring for Application Versions, since the metrics are rolled up from the Component Versions to the Application Version.
If you are not already generating an SBOM as part of your DevSecOps Pipeline integration, DeployHub’s integration with Syft can transform your DevOps pipeline into a DevSecOps platform.
DeployHub’s Continuous Vulnerability Management can consume CycloneDX-formatted SBOMs. If you are already generating SBOMs, you pass the name of the SBOM results file to DeployHub Pro.
DeployHub’s Continuous Vulnerability Management can consume any SPDX-formatted SBOM. If you are already generating SBOMs, you pass the name of the SBOM results file to DeployHub Pro.
DeployHub uses OSV.dev to continuously monitor the vulnerabilities of your Components and Applications within your software supply chain. DeployHub Pro scans for new vulnerabilities every 10 minutes, turning your DevOps pipeline into a DevSecOps platform that generates continuous vulnerability detection.
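The three SBOM paragraphs above describe one flow: take a CycloneDX (or SPDX) SBOM per Component Version, look its packages up against OSV.dev, and roll the findings up to the Application Version so newly published advisories surface on each rescan. The following is an added, self-contained example of that flow written for this page; it is not DeployHub or Ortelius code. The SBOM fragments, the OSV response and the advisory IDs (`OSV-EXAMPLE-…`) are all constructed inline so it runs offline; the request shape follows OSV's public `POST /v1/querybatch` API, which accepts a package URL (purl) per query and returns a `results` list parallel to the queries.

```python
"""Added example: CycloneDX SBOM -> OSV querybatch -> roll-up -> new-vuln diff."""
import json

# Constructed CycloneDX-style SBOM fragments, one per Component Version.
SBOMS = {
    "payments-service:1.4.2": {
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "components": [
            {"type": "library", "name": "lodash", "version": "4.17.20",
             "purl": "pkg:npm/lodash@4.17.20"},
            {"type": "library", "name": "express", "version": "4.18.2",
             "purl": "pkg:npm/express@4.18.2"},
            # A component without a purl cannot be queried by purl; it is skipped.
            {"type": "library", "name": "internal-utils", "version": "0.3"},
        ],
    },
    "auth-service:2.0.0": {
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "components": [
            {"type": "library", "name": "requests", "version": "2.25.1",
             "purl": "pkg:pypi/requests@2.25.1"},
        ],
    },
}

# Constructed OSV querybatch responses keyed by Component Version. The IDs are
# placeholders, not real advisories for these packages. OSV returns one entry
# per query, in query order; an empty object means no known vulnerabilities.
FAKE_OSV_RESPONSES = {
    "payments-service:1.4.2": {"results": [
        {"vulns": [{"id": "OSV-EXAMPLE-0001", "modified": "2024-01-10T00:00:00Z"}]},
        {},
    ]},
    "auth-service:2.0.0": {"results": [{}]},
}


def queryable_components(sbom):
    """Components that carry a purl (the key OSV matches on in this example)."""
    return [c for c in sbom.get("components", []) if "purl" in c]


def build_osv_querybatch(sbom):
    """Request body for OSV's POST /v1/querybatch. A purl that carries the
    version (e.g. pkg:npm/lodash@4.17.20) needs no separate 'version' field."""
    return {"queries": [{"package": {"purl": c["purl"]}}
                        for c in queryable_components(sbom)]}


def merge_findings(sbom, response):
    """Pair each queried component with its OSV result: purl -> sorted vuln IDs."""
    findings = {}
    for comp, result in zip(queryable_components(sbom), response.get("results", [])):
        ids = sorted(v["id"] for v in result.get("vulns", []))
        if ids:
            findings[comp["purl"]] = ids
    return findings


def scan_component_versions(sboms, responses):
    """One scan cycle: Component Version -> {purl: [vuln ids]}."""
    return {cv: merge_findings(sbom, responses.get(cv, {})) for cv, sbom in sboms.items()}


def rollup_application(component_versions, scan):
    """Roll Component Version findings up to the Application Version."""
    summary = {"components": {}, "affected_components": 0, "total_vulns": 0}
    for cv in component_versions:
        findings = scan.get(cv, {})
        summary["components"][cv] = findings
        if findings:
            summary["affected_components"] += 1
            summary["total_vulns"] += sum(len(ids) for ids in findings.values())
    return summary


def new_vulnerabilities(previous_scan, current_scan):
    """IDs present in the current scan but not the previous one, per purl.
    This is the signal a periodic rescan raises when OSV publishes a new advisory."""
    new = {}
    for cv, findings in current_scan.items():
        old = previous_scan.get(cv, {})
        for purl, ids in findings.items():
            delta = sorted(set(ids) - set(old.get(purl, [])))
            if delta:
                new.setdefault(cv, {})[purl] = delta
    return new


if __name__ == "__main__":
    print(json.dumps(build_osv_querybatch(SBOMS["payments-service:1.4.2"]), indent=2))
    scan = scan_component_versions(SBOMS, FAKE_OSV_RESPONSES)
    print(json.dumps(rollup_application(list(SBOMS), scan), indent=2))
    print(new_vulnerabilities({}, scan))
```

In a live pipeline the querybatch body would be posted to `https://api.osv.dev/v1/querybatch` and the stored result from the previous cycle compared with `new_vulnerabilities`, which is what lets a scan that runs on a timer flag an advisory published after the build without rebuilding anything.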
DeployHub integrates into your CI/CD process using the Ortelius Open-Source Command Line Interface (CLI). The Ortelius CLI gathers supply chain data from a single pipeline workflow at the build and deploy steps. The build step gathers Swagger, SBOM, Readme, licenses, Git data, Docker image, and other build output. The deploy step records when a release occurs, what was sent, and where the objects were sent to.
The Ortelius Open Source Community maintains the Ortelius CLI under the governance of the Linux Foundation’s Continuous Delivery Foundation.
You can configure DeployHub to call out to a Git repo to pull deployable artifacts (binaries, scripts, etc.) as part of your deployment. The process checks out your deployable artifacts based on the commit, branch, or tag specified.
DeployHub integrates with Helm using the CI/CD Command Line Interface (CLI). For every Component Version, the CLI gathers and stores the Chart, Chart Namespace, Repo, and version.
For Component Versions managed by DeployHub, OpenSSF Scorecard data will be populated with the metrics found, when available. This information is then aggregated to the ‘logical’ Application, showing an overall OpenSSF score.
When DeployHub Pro is integrated into your CI/CD pipeline, it can capture metrics for DORA reporting. The two DORA metrics that DeployHub captures are Deployment Frequency and Lead Time for Changes.
DeployHub Pro collects DORA metrics on Application Versions, reporting Application-level DORA metrics in decoupled architectures.
Add your API Swagger documentation to your DeployHub evidence store to clarify component usage and details.
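The two DORA metrics named above can be computed directly from the records a deploy step leaves behind. The following is an added example written for this page, not DeployHub's reporting code; the deployment records and their field names (`app`, `env`, `commit_at`, `deployed_at`) are constructed and assumed, and the performance bands are an assumption of this example based on commonly cited DORA thresholds. It goes slightly beyond the text by computing the metrics per Application so that a decoupled architecture with several applications is reported separately.

```python
"""Added example: Deployment Frequency and Lead Time for Changes from deploy records."""
from datetime import datetime, timezone
from statistics import median

# Constructed deployment records (assumed schema, not the Ortelius CLI's).
# commit_at is the earliest commit timestamp included in that deployment.
DEPLOYMENTS = [
    {"app": "store", "env": "production", "commit_at": "2024-05-01T09:00:00Z", "deployed_at": "2024-05-02T09:00:00Z"},
    {"app": "store", "env": "production", "commit_at": "2024-05-03T12:00:00Z", "deployed_at": "2024-05-03T18:00:00Z"},
    {"app": "store", "env": "production", "commit_at": "2024-05-05T08:00:00Z", "deployed_at": "2024-05-07T08:00:00Z"},
    {"app": "store", "env": "staging",    "commit_at": "2024-05-06T08:00:00Z", "deployed_at": "2024-05-06T09:00:00Z"},
    {"app": "billing", "env": "production", "commit_at": "2024-05-02T10:00:00Z", "deployed_at": "2024-05-04T10:00:00Z"},
]


def parse_ts(ts):
    """Parse an ISO-8601 UTC timestamp with a trailing Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def lead_time_for_changes_hours(deployments, app, env="production"):
    """Median hours from commit to a deployment in `env`, for one application.
    Returns None when the application has no deployments in that environment."""
    hours = [
        (parse_ts(d["deployed_at"]) - parse_ts(d["commit_at"])).total_seconds() / 3600
        for d in deployments if d["app"] == app and d["env"] == env
    ]
    return median(hours) if hours else None


def deployment_frequency_per_day(deployments, app, window_start, window_end, env="production"):
    """Deployments to `env` per day inside [window_start, window_end)."""
    start, end = parse_ts(window_start), parse_ts(window_end)
    count = sum(
        1 for d in deployments
        if d["app"] == app and d["env"] == env and start <= parse_ts(d["deployed_at"]) < end
    )
    days = (end - start).total_seconds() / 86400
    return count / days


def frequency_band(per_day):
    """Assumed bands, following commonly cited DORA thresholds:
    elite = more than once per day, high = at least weekly,
    medium = at least monthly, low = less often."""
    if per_day > 1:
        return "elite"
    if per_day >= 1 / 7:
        return "high"
    if per_day >= 1 / 30:
        return "medium"
    return "low"


def dora_report(deployments, window_start, window_end):
    """Per-application report so decoupled applications are scored separately."""
    report = {}
    for app in sorted({d["app"] for d in deployments}):
        per_day = deployment_frequency_per_day(deployments, app, window_start, window_end)
        report[app] = {
            "deployment_frequency_per_day": round(per_day, 4),
            "frequency_band": frequency_band(per_day),
            "lead_time_hours": lead_time_for_changes_hours(deployments, app),
        }
    return report


if __name__ == "__main__":
    for app, metrics in dora_report(DEPLOYMENTS, "2024-05-01T00:00:00Z", "2024-05-08T00:00:00Z").items():
        print(app, metrics)
```

Only production deployments count toward both metrics here; staging deployments are recorded but excluded, which is the usual DORA interpretation of "deployed" as "running in production".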
DeployHub integrates with Jira, Bugzilla, and GitHub Issues to track your change requests at three levels: Component (microservice), Application, and Release (collection of Applications). You define Jira, Bugzilla, or GitHub through an object called a ‘data source.’ Once defined, you can pull change requests from your issue system and assign them at any level for tracking. When change requests are managed this way, a continuous feedback loop shows when the issue was opened and when the customer received the fix.
If you are developing your Applications using Salesforce, this integration allows you to support Salesforce deployments. By creating this Custom Action, you can replace the DeployHub standard deployment processing engine and instead use a process designed specifically for Salesforce, including the mapping of DeployHub Environments to different Salesforce regions such as testing, pre-production, and production, where the class and package files can be deployed.
DeployHub’s Continuous Vulnerability Management allows you to send notifications using Notifiers via HipChat Groups, Topics, or Room features. Notifications are defined on Components and Applications and inform the recipient(s) of the success or failure of the Component or Application deployment.
Slack can be integrated with DeployHub using Notifiers. Notifiers can be called to report on the success or failure of a deployment.
DeployHub allows you to use LDAP or Active Directory to manage your User logins. The integration creates an LDAP Data Source to access an LDAP database and use the information stored to gain access to DeployHub. It also populates the Users General tab with Real Name and Email, which it gets from the LDAP database. When you define a User, you associate the LDAP authentication method. At login, DeployHub checks the User’s authentication method to determine if LDAP or Active Directory should be used.
Here’s how DeployHub stacks up against other leading vulnerability remediation platforms.
| Feature / Capability | DeployHub | Sonatype Nexus | Snyk | Anchore | SonarQube |
|---|---|---|---|---|---|
| Primary Focus | Continuous post-deployment threat detection & SBOM management | Software composition analysis, repository management | Vulnerability scanning & open source security | Container and image security, scanning for vulnerabilities | Code quality & security analysis |
| SBOM Generation / Management | ✅ Generates & aggregates SBOMs across decoupled apps | ✅ Consumes & manages SBOMs | ✅ Generates SBOMs from projects | ✅ Generates SBOMs for containers | ❌ Not SBOM-focused |
| Runtime Vulnerability Detection | ✅ Real-time monitoring post-deployment | ❌ Primarily pre-deployment | ✅ Runtime scanning for containerized apps | ✅ Runtime scanning of container images | ❌ Static analysis only |
| Integration with CI/CD | ✅ Jenkins, Helm, Kubernetes, Ortelius CLI | ✅ Maven, Gradle, CI/CD pipelines | ✅ GitHub Actions, GitLab CI, Jenkins | ✅ CI/CD pipelines for container builds | ✅ CI/CD plugins for build & test |
| Languages / Platforms Supported | Any (app-centric SBOM mapping) | Java, npm, Python, Ruby, Docker | Node.js, Java, Python, Docker | Docker, OCI-compliant containers | Multiple languages for code analysis |
| Vulnerability Database / Updates | ✅ Aggregates from open-source and proprietary sources | ✅ Nexus Vulnerability DB | ✅ Proprietary + OS & open-source databases | ✅ Anchore Vulnerability DB | ✅ Uses CWE and Sonar rules |
| License Compliance | ✅ Tracks licenses across components | ✅ License policy enforcement | ✅ License scanning | ✅ License scanning in containers | ❌ License scanning not primary |
Take A Tour
Explore Ortelius SaaS and experience automated vulnerability detection in action with a quick, hands-on overview. DeployHub is based on Ortelius OS. Ortelius is incubating at the Continuous Delivery Foundation.
Explore DeployHub
Continuously monitor security across your entire application portfolio.
Attack Surface Visibility & Monitoring for Open-Source Software Security
Aggregate SBOMs and instantly comply with Executive Order 14028.