Protecting your software supply chain is serious business. Identifying where dependencies exist is complicated to navigate. Kusari’s solutions give you full transparency about which software is being used in your apps and systems so you can find it–and fix it–at a moment’s notice. Powered by open source standards we’ve pioneered, our platform has no proprietary formats or walled gardens and no preference on SBOM formats or software languages. Our technology is accessible. You can know how it works and understand why it works so well.
Kusari founders have a track record of securing software supply chains in the most sensitive financial services, government, and regulated markets in the world. We’re a driving force in the open source community, creating tools and helping uplevel the technical know-how of developers and security teams.
Influencing the development of SLSA, the software supply chain framework, as part of the SLSA steering committee and as a maintainer of the specification
Co-authoring the CNCF Secure Software Factory reference architecture as well as a new book Securing the Software Supply Chain
Thinking about the challenges holistically, leading to the creation of, and contribution to, new open source tools like FRSCA, GUAC, in-toto attestations, in-toto-golang, and Spector
Educating the community on software supply chain security, as project core maintainers and part of CNCF TAG Security, OpenSSF Governing Board, OpenSSF TAC and OpenSSF Working Groups
Aggregates software security metadata into a high fidelity graph database to locate, store, analyze, and correlate software artifact data
Tooling and a library for generation, validation and verification of supply chain metadata documents and frameworks
A suite of build, pipeline, signing, visibility, identity, and policy tools configured to operate securely
A framework that provides a specification for generating verifiable claims about any aspect of how a piece of software is produced
An app that continuously monitors GitHub organizations or repositories for adherence to security best practices