
Case Study:

US Regional Health Insurer

Health Provider Preps for the Next React4Shell

Kusari unifies visibility of enterprise-wide software supply chain

Industry

Health Insurance Provider

About

  • 5,000 employee health insurance organization
  • Operates a large, complex application ecosystem with modern CI/CD pipelines, containerized workloads, and a broad mix of open source and third-party dependencies
  • Security team uses best-of-breed tools for SAST, SCA, container scanning, and dependency management, yet visibility was fragmented across systems
  • Responding to the next security exploit or attack without a consolidated view of their environment was no longer an option

Key Challenges

Could not answer urgent, high-stakes questions quickly:

  • What software and dependencies (especially transitive dependencies) are running right now?
  • Where is a vulnerable package deployed — across apps, images, and environments?
  • How exposed are we when the next React4Shell-level vulnerability drops?

Valued Outcomes

Kusari is the central system of record for software supply chain visibility, complementing the customer's current tools by: 

  • Ingesting SBOMs generated by tools they already trust
  • Normalizing data across applications, images, and pipelines
  • Providing self-service global search by package, vulnerability, component, and lifecycle status
  • Enabling fast, precise answers during high-pressure vulnerability events

In our customer's words: 

“We serve 3.6M members across several states. We don’t want to go through another exploit, like React4Shell, without Kusari.”


Unlike traditional SCA or container scanning tools, Kusari is not another scanner. Kusari fills the visibility gap that only becomes obvious when everything is on fire.

What makes us different:

  • Tool-agnostic ingestion: Kusari can work with any tool in the development pipeline, ingesting existing SBOMs or generating them from scratch and augmenting them over time
  • Enterprise-wide visibility: Microservices, repos, images, and pipelines viewed together, rather than sifting through pages and pages of findings without signals or context
  • Vulnerability-first search: Identify where vulnerabilities exist (not just that they exist) and be informed if you are at risk
  • Lifecycle awareness: License information, end-of-life, and deprecation are first-class signals
  • Designed for incidents: Built to immediately answer “Are we affected?”
  • Ease of use: Integrates directly with existing tools and workflows, deploy in minutes, see immediate results
  • Autonomous remediation: Kusari AI surfaces and prioritizes risks with instant remediation feedback
