Platform Use Case
Ortelius is a free post-deployment vulnerability management platform for small teams, hosted by DeployHub.
Platform
From discovering where open-source packages are being used, to federating OpenSSF Scorecard, Ortelius.io serves as a central hub for vulnerability detection so teams can trust the open-source they rely on from code to cloud. Free to use, incubating at the Continuous Delivery Foundation, with a SaaS offering hosted by Deployhub.
The Ortelius.io contributor community is a global, diverse group of innovators advancing open-source vulnerability management and software supply chain security. Contributors bring perspectives from AI, platform engineering, DevOps, cybersecurity, and open-source governance to solve one of the industry’s hardest problems: understanding what software is running, where it is deployed, who owns it, and how it can be secured after release. This mix of expertise helps Ortelius evolve beyond traditional DevSecOps tooling, combining real-world engineering experience with emerging ideas in AI-driven remediation, SBOM intelligence, deployment metadata, and continuous vulnerability management.
The Ortelius.io project maintains an active contributor community through bi-weekly meetings focused on vulnerability management architecture, technical direction, community outreach, and ecosystem growth. These meetings give contributors a regular forum to share ideas, review implementation priorities, and coordinate efforts across security, DevOps, platform engineering, and open-source adoption. Ortelius also hosts the annual SecureChainCon, held each May in honor of Abraham Ortelius, the project’s namesake, bringing together experts and practitioners to advance conversations around software supply chain security, SBOMs, DevSecOps, and post-deployment vulnerability management.
The Ortelius Team needs you. Regardless of your previous involvement in an open source community, you can help. From outreach, project management, testing and core developers, Ortelius has a place for anyone interested in working on an open source project. And most important are our Ortelius Adopters. They are responsible for defining our roadmap and keeping us honest.
Together, we can accelerate the evolution of vulnerability detection, post-deployment, with Ortelius driving community adoption and transparency. This committer ecosystem ensures that Ortelius becomes a stronger, smarter, and more trusted solution with every release.
The Ortelius vulnerability management platform is an open source project incubated under the Continuous Delivery Foundation (CDF), part of the Linux Foundation, which ensures it operates under open governance and community-driven development. This means Ortelius is guided by transparent processes, a neutral governing board, and a merit-based model where contributors from any organization can participate equally. Being part of the CDF provides oversight, vendor neutrality, and alignment with other key DevOps projects, ensuring that Ortelius remains an open, interoperable standard for software supply chain visibility and continuous delivery innovation.
Is Ortelius Open Source right for you? Find the best solution for your needs.