Discover and De-Risk Your Open-Source Usage Organization-Wide
DeployHub Helps You Locate and Manage Open Source Software in Your Supply Chain
DeployHub Shows the Open-Source You Use
DeployHub maintains an inventory of the open-source software you use across teams and environments so you can make rapid, informed decisions about open-source usage and vulnerabilities across your software supply chain. With DeployHub, you always know which open-source components are in use and are notified as soon as new vulnerabilities affecting them are published.
The Widespread Use of Open-Source
The widespread use of open-source across global organizations has created the need for continuous monitoring of what is in use. Organizations opt for open-source software for a variety of compelling reasons. Cost is a major driver: open source eliminates licensing fees, making it an economical choice for businesses of all sizes. Beyond cost, building on open-source often results in faster innovation and robust, high-quality solutions.
According to GitHub, 78% of organizations say they use open-source software in their supply chain. Recent software supply chain incidents, such as the Log4j vulnerability, have exposed how organizations that consume open-source as part of their development process become vulnerable to cyberattacks through code they did not write.
According to a 2017 Black Duck study, the average share of open-source in the codebases of the applications Black Duck scanned grew from 36% to 57% in 2017. This suggests that applications may now contain more open-source than proprietary code.
Continuous Security Intelligence controls and exposes the open-source inventory used across teams. Knowing where open-source is running across development, testing, and production environments is critical for rapidly responding to open-source software supply chain vulnerabilities. With open-source software vulnerabilities increasing, understanding the flow of open-source packages into the software supply chain is essential for proactively preventing cyberattacks related to open-source code.
Surveilling the inventory of open-source software is a key function of DeployHub's central watch system. DeployHub continuously collects application security forensics for every software release to expose the open-source package inventory. A simple search on a package name quickly returns a list of where that package is running and what it is impacting. This view is available from the component, application, or environment perspective.
In other words, DeployHub can easily answer the question, "Where is Log4j running?" A simple query against the DeployHub data store provides the answer.
Consuming Open Source in a Decoupled Environment
DeployHub helps simplify decoupled architectures by tracking how individual services are shared across the building blocks of software systems. In a decoupled architecture, security data and open-source packages are spread across hundreds of independently deployed components. DeployHub rolls component data up to every logical application that consumes the component, hiding that complexity. The result is a reconstructed logical application version, a logical application SBOM, and a consolidated CVE report.
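The following is an added example, not DeployHub's or Ortelius' own code, showing in plain Python the two operations the sections above describe: answering "Where is Log4j running?" from per-release component SBOMs, and rolling the SBOMs of independently deployed components up into a logical application SBOM with a consolidated CVE report. The SBOM fragments, application-to-component mapping, deployment records and package names are all constructed for illustration; CVE-2021-44228 is the real Log4j CVE, but the "fixed in 2.15.0" rule is a simplification of its published affected range used only to make the join concrete.

```python
"""Added example: an SBOM-backed open-source inventory that answers
"Where is log4j running?" and rolls component SBOMs up into a logical
application SBOM with a consolidated CVE report. Not DeployHub's own
code; all data below is constructed for illustration."""
from collections import defaultdict

# Constructed, CycloneDX-style SBOM fragments, one per independently
# deployed component release. Only the fields the example needs are kept.
COMPONENT_SBOMS = [
    {"component": "order-service", "version": "1.4.0", "packages": [
        "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
        "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4",
    ]},
    {"component": "inventory-service", "version": "2.1.0", "packages": [
        "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1",
    ]},
    {"component": "web-frontend", "version": "3.0.2", "packages": [
        "pkg:npm/lodash@4.17.21",
    ]},
]

# Which components each logical application consumes (constructed).
APPLICATIONS = {
    "storefront": ["web-frontend", "order-service", "inventory-service"],
    "back-office": ["order-service"],
}

# Which component version is deployed in which environment (constructed).
DEPLOYMENTS = {
    "production": {"order-service": "1.4.0", "inventory-service": "2.1.0",
                   "web-frontend": "3.0.2"},
    "staging": {"order-service": "1.4.0", "inventory-service": "2.1.0"},
}

# Vulnerability data keyed by package name: (CVE, first fixed version).
# CVE-2021-44228 is the real Log4j CVE; "fixed in 2.15.0" is a
# simplification of the published affected range, used only for the join.
VULNERABILITIES = {
    "log4j-core": [("CVE-2021-44228", "2.15.0")],
}


def parse_purl(purl):
    """Return (name, version) from a package URL such as pkg:npm/lodash@4.17.21."""
    path, _, version = purl.rpartition("@")
    return path.rsplit("/", 1)[-1], version


def version_tuple(version):
    """Dotted numeric version -> comparable tuple (enough for the constructed data)."""
    return tuple(int(part) for part in version.split("."))


def build_inventory(sboms=COMPONENT_SBOMS, apps=APPLICATIONS, deployments=DEPLOYMENTS):
    """Index package name -> rows of (component, package version, application, environment)."""
    consumers = defaultdict(list)          # component -> logical applications using it
    for app, comps in apps.items():
        for comp in comps:
            consumers[comp].append(app)
    inventory = defaultdict(list)
    for sbom in sboms:
        comp, comp_version = sbom["component"], sbom["version"]
        # Environments where exactly this component release is deployed.
        envs = [env for env, deployed in deployments.items()
                if deployed.get(comp) == comp_version]
        for purl in sbom["packages"]:
            name, pkg_version = parse_purl(purl)
            for app in consumers[comp]:
                for env in envs:
                    inventory[name].append((app, env, comp, pkg_version))
    return inventory


def where_is(package_name, inventory=None):
    """Answer "Where is <package> running?" as sorted (application, environment, component, version) rows."""
    inventory = build_inventory() if inventory is None else inventory
    return sorted(set(inventory.get(package_name, [])))


def application_sbom(app, sboms=COMPONENT_SBOMS, apps=APPLICATIONS):
    """Roll every consumed component's SBOM up into one logical application SBOM."""
    comps = set(apps[app])
    return sorted({p for s in sboms if s["component"] in comps for p in s["packages"]})


def cve_report(app, vulns=VULNERABILITIES, sboms=COMPONENT_SBOMS, apps=APPLICATIONS):
    """Consolidated CVE report: every vulnerable package any consumed component ships."""
    comps = set(apps[app])
    findings = []
    for sbom in sboms:
        if sbom["component"] not in comps:
            continue
        for purl in sbom["packages"]:
            name, version = parse_purl(purl)
            for cve, fixed_in in vulns.get(name, []):
                if version_tuple(version) < version_tuple(fixed_in):
                    findings.append((cve, sbom["component"], purl))
    return sorted(findings)


if __name__ == "__main__":
    for row in where_is("log4j-core"):
        print("log4j-core:", row)
    print("storefront SBOM:", application_sbom("storefront"))
    print("storefront CVEs:", cve_report("storefront"))
```

Two things the rows make visible that a per-component scan does not: the same vulnerable `order-service` release surfaces under both logical applications that consume it, and the `storefront` SBOM legitimately carries two versions of `log4j-core` because two independently released components pin different versions, which is exactly the case where a consolidated report rather than a per-repository scan is needed.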
DeployHub is a breakthrough in the cyber security battle. DeployHub disrupts how we manage software assets by providing insights into known vulnerabilities as soon as they are discovered and continuously associating that information with all the consuming applications.
Make Your Security Intelligence Actionable
Put Your SBOM Data to Work. Sign up for DeployHub Team, the free SaaS software supply chain security platform. DeployHub Team is based on the Ortelius open-source project incubating at the Continuous Delivery Foundation.