Platform
Ortelius is a free SaaS vulnerability detection platform for small teams, hosted by DeployHub.
From discovering where open-source packages are being used, to federating OpenSSF Scorecard, Ortelius.io serves as a central hub for vulnerability detection so teams can trust the open-source they rely on from code to cloud. Free to use, incubating at the Continuous Delivery Foundation, with a SaaS offering hosted by DeployHub.
The relationship between the Ortelius open source community and DeployHub is a true symbiosis. Ortelius provides the open innovation foundation where new ideas, integrations, and best practices are continuously tested for vulnerability detection and refined by a global community of DevOps and platform engineers. DeployHub, in turn, contributes engineering resources, infrastructure, and real-world use cases that help advance Ortelius’ capabilities and maturity.
Together, they accelerate the evolution of post-deployment vulnerability detection, with Ortelius driving community adoption and transparency, and DeployHub transforming those innovations into enterprise-ready solutions. This shared ecosystem ensures that both the open source community and the commercial platform grow stronger, smarter, and more trusted with every release.
Step 1
To sign up for Ortelius, you will need a Company Name and a Project Name. The Company Name you enter will be created as your company’s private domain, referred to as your Global Domain. Your Project Name will be used under your company’s Domain. Review the Terms of Use.
Step 2
Log in to the Ortelius OS SaaS environment to see how Ortelius manages its own open source vulnerabilities and security profile. This tutorial is a fast and easy way to learn how to manage vulnerabilities.
Step 3
Complete a POC that automates Ortelius OS via your CI/CD Pipeline. Ortelius uses a Command Line Interface to automate vulnerability management. We have provided a suggested POC starting point, which includes the CLI integration. Start your Proof of Concept and begin securing your software supply chain.
The Ortelius vulnerability detection platform is an open source project incubated under the Continuous Delivery Foundation (CDF), part of the Linux Foundation, which ensures it operates under open governance and community-driven development. This means Ortelius is guided by transparent processes, a neutral governing board, and a merit-based model where contributors from any organization can participate equally. Being part of the CDF provides oversight, vendor neutrality, and alignment with other key DevOps projects, ensuring that Ortelius remains an open, interoperable standard for software supply chain visibility and continuous delivery innovation.
Is Ortelius Open Source right for you? Find the best solution for your needs.
Continuously identify and neutralize open source threats across all infrastructure assets with real-time vulnerability management.
Assemble real-time Application SBOMs from CI/CD pipelines to drive open source vulnerability management and full supply chain visibility.
Monitor OSV.dev in real time and receive daily CVE alerts to support rapid, ongoing open source vulnerability management.
Use OpenSSF Scorecard insights for every SBOM package to support compliance and improve open source vulnerability management.
Strengthen open source vulnerability management by linking package risks to their live deployment environments.