Hello and Happy New Year,
Thank you all for your unwavering support of the Ortelius project. It’s been an incredibly productive year, marked by significant advancements in continuously tracking vulnerabilities through the Ortelius platform. Notably, the team successfully completed integrations with OpenSSF Scorecard and OSV.dev, enabling continuous scanning of package vulnerabilities—even after the artifact has been deployed, with mapping to deployed endpoints.
Here are some of our other key achievements:
- A blog on Ortelius and OpenSSF Scorecard, written by Tracy Ragan, has been published by OpenSSF.
- Sacha Wharton and Arvind Singharpuria received Gold Legend awards. This is the highest level of achievement earned for contributions in both coding and outreach activities.
- We held our first SecureChainCon, which included talks from experts in SBOMs and supply chain security. View the playlist.
- Tracy Ragan was elected to the OpenSSF Governing Board for 2025.
- Ortelius has just under 1,000 followers. We could use more, so please follow us on LinkedIn and Bluesky.
But we do need help.
Specifically, we’re seeking Jenkins Admins to assist in developing a plug-in for Jenkins, advancing its capabilities to include continuous vulnerability management. While we’ve made progress on the plug-in, additional Jenkins expertise is essential to drive this effort forward. Additionally, we are planning to implement a new architecture and need individuals with strong front-end development skills to help bring this vision to life. If you are interested, our next architecture meeting is on January 30th. We hope you will consider joining the effort.
Join Architecture Zoom Meeting
https://us02web.zoom.us/j/5054246439?pwd=YnJidG1HR1dWN3dDbVlXcXBaOU9uQT09
Meeting ID: 505 424 6439
Passcode: 1000
And one last thing. If you are looking for work, or want to learn more about how to brand yourself, we are hosting a series of Job Seeker Webinars. The first will be held on March 5th at 11 ET. Darrin Straff from Career Station will be speaking. For more information and to register, visit the Ortelius.io Events page.
And remember, aliens are real.
Ortelius Open-Source Project
The mission of the Ortelius Project is to consolidate Security and DevOps data into an aggregated evidence store so IT teams can rapidly respond to software supply chain threats. Ortelius gives teams a comprehensive view of an organization's security profile vs. one container at a time.