Security has to be built on an open foundation

Protecting your software supply chain is serious business. Identifying where dependencies exist is complicated to navigate. Kusari’s solutions give you full transparency about which software is being used in your apps and systems, so you can find it, and fix it, at a moment’s notice. Powered by open source standards we’ve pioneered, our platform has no proprietary formats or walled gardens and no preference on SBOM formats or software languages. Our technology is accessible: you can know how it works and understand why it works so well.


We’re transparent about how we provide transparency.

Kusari’s community commitment

Kusari founders have a track record of securing software supply chains in the most sensitive financial services, government, and regulated markets in the world. We’re a driving force in the open source community, creating tools and helping uplevel the technical know-how of developers and security teams.

Our three founders.

Our team has played an influential role in the software supply chain security movement by:

Influencing the development of SLSA, the software supply chain framework, as part of the SLSA steering committee and as a maintainer of the specification

Co-authoring the CNCF Secure Software Factory reference architecture as well as a new book, Securing the Software Supply Chain

Thinking about the challenges holistically, leading to the creation of, and contribution to, new open source tools such as FRSCA, GUAC, in-toto attestations, in-toto-golang, and Spector

Educating the community on software supply chain security, as project core maintainers and as part of CNCF TAG Security, the OpenSSF Governing Board, the OpenSSF TAC, and OpenSSF Working Groups

Kusari open source project contributions

Aggregates software security metadata into a high-fidelity graph database to locate, store, analyze, and correlate software artifact data


Tooling and a library for the generation, validation, and verification of supply chain metadata documents and frameworks


A suite of build, pipeline, signing, visibility, identity, and policy tools configured to operate securely


in-toto attestation framework

A framework that provides a specification for generating verifiable claims about any aspect of how a piece of software is produced


Allstar

An app that continuously monitors GitHub organizations or repositories for adherence to security best practices


Want to have a conversation about your software supply chain?

We’d love to hear from you. Get in touch and we’ll get back to you.