Santa Fe, NM – 7/20/2022– DeployHub, visionaries in microservice governance, announced they have won a $75k grant to improve access and audits of software bill of material reports, a key tool in hardening cybersecurity. DeployHub will apply the grant funding to the Ortelius.io open-source project, incubating at the Continuous Delivery Foundation. The XRPL Grant program sponsored by Ripple provides funding to support software development projects that leverage the open-source XRP Ledger (XRPL).
Ortelius is an open-source governance catalog that tracks software components and their dependencies. DeployHub has contributed 80% of the Ortelius code base and is committed to building an SBOM catalog that can be utilized by the open-source community. The XRP Ledger will be used to create an immutable SBOM audit trail that allows organizations to easily consume and act upon SBOM data, CVEs, and other usage information.
“SBOMs are key to understanding the software supply chain; however, they are not well managed, can be easily manipulated, and have no clear audit trail,” explains Steve Taylor, CTO, DeployHub, Inc. “The transactions captured by the XRP Ledger will include the creation of the component version NFT, the creation of the application-level SBOM version, and the consumption of a logical application SBOM version.”
“We are honored to have been awarded the prestigious XRPL Grant, which will allow us to address the gaps in SBOM management and audit. Providing a central store of this critical information will allow all open-source projects to be more secure,” stated Tracy Ragan, CEO, DeployHub.
For more information, read the full blog at https://www.deployhub.com/sbom-audit-trail/
DeployHub’s mission is to empower organizations to achieve business agility through a managed approach to the microservice supply chain using a unified catalog of services and their usage. Unique to the DeployHub offering is its ability to version services along with their consuming applications providing visibility into microservice usage, and service impact. DeployHub provides a clear view of your microservices supply chain and how it changes over time.
Ortelius is a unified microservice catalog designed to track and version your microservice software supply chain along with all of their consuming ‘logical’ applications. With Ortelius, you can easily view your ‘logical’ application’s SBOM, CVEs, service dependencies, and inventory based on versions. Ortelius generates new versions of microservices and their consuming logical applications each time you update your container registry. By centralizing and tracking detailed supply chain data, Ortelius provides you a proactive view of your microservice architecture and the differences between each service update. The latest version of Ortelius is maintained by the Ortelius Community managed by the Continuous Delivery Foundation (Linux Foundation). It was originally created by DeployHub and OpenMake Software. Our mission is to simplify the adoption of modern architecture through a world-class microservice catalog driven by a supportive and diverse global open source community.
DeployHub is a registered trademark of DeployHub, Inc. All other trademarks used in this document are the property of their respective owners.