{"id":34086379,"url":"https://github.com/ortelius/ortelius","last_synced_at":"2026-02-06T21:05:27.572Z","repository":{"id":42560273,"uuid":"84104787","full_name":"ortelius/ortelius","owner":"ortelius","description":"The mission of the Ortelius community is to expose weak links in the software supply chain by continuously gathering and analyzing software supply chain intelligence introduced across the DevOps pipeline and connected to your deployed environments.","archived":false,"fork":false,"pushed_at":"2026-01-20T17:12:21.000Z","size":942444,"stargazers_count":377,"open_issues_count":15,"forks_count":128,"subscribers_count":27,"default_branch":"main","last_synced_at":"2026-01-21T02:22:40.679Z","etag":null,"topics":["hacktoberfest"],"latest_commit_sha":null,"homepage":"https://ortelius.io","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ortelius.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-03-06T18:06:36.000Z","updated_at":"2026-01-20T17:12:16.000Z","dependencies_parsed_at":"2023-10-13T06:34:17.518Z","dependency_job_id":"53664e09-d1b6-4bd8-a366-fae7d26ce101","html_url":"https://github.com/ortelius/ortelius","commit_stats":null,"previous_names":[],"tags_count":1055,"template":false,"template_full_name":null,"purl":"pkg:github/ortelius/ortelius","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ortelius%2Fortelius","tags_url":"https://repos.ecosyste.ms/api/v
1/hosts/GitHub/repositories/ortelius%2Fortelius/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ortelius%2Fortelius/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ortelius%2Fortelius/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ortelius","download_url":"https://codeload.github.com/ortelius/ortelius/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ortelius%2Fortelius/sbom","scorecard":{"id":1242026,"data":{"date":"2026-01-20T17:12:56Z","repo":{"name":"github.com/ortelius/ortelius","commit":"3285b730282ccde35b8c4d85aa5d97ccf7b8a891"},"scorecard":{"version":"v5.0.0","commit":"ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4"},"score":5.3,"checks":[{"name":"Binary-Artifacts","score":0,"reason":"binaries present in source code","details":["Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/bcprov-jdk18on-1.78.1.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/commons-codec-1.16.0.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/commons-collections-3.2.2.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/commons-fileupload-1.5.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/commons-io-2.18.0.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/commons-lang-2.4.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/commons-lang3-3.4.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/commons-logging-1.2.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/cryptacular-1.2.5.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/cvss-calculator-1.4.1.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/fluent-hc-4.5.14.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/gson-2.8.9.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/guava-32.1.1-jre.jar:1","Warn: binary 
detected: dmadminweb/WebContent/WEB-INF/lib/httpclient-4.5.14.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/httpclient-cache-4.5.14.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/httpcore-4.4.16.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/httpmime-4.5.14.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/jackson-annotations-2.14.2.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/jackson-core-2.14.2.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/jackson-databind-2.14.2.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/java-support-8.0.0.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/javax.mail.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/jaxb-api-2.4.0.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/jjwt-api-0.12.6.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/jjwt-impl-0.12.6.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/jjwt-jackson-0.12.6.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/jjwt-orgjson-0.12.6.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/jna-4.1.0.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/jna-platform-4.1.0.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/joda-time-2.9.9.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/json-20240303.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/jstl.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/logback-classic-1.5.6.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/logback-core-1.5.6.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/metrics-core-3.1.2.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/opensaml-core-4.2.0.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/opensaml-messaging-api-4.2.0.jar:1","Warn: binary 
detected: dmadminweb/WebContent/WEB-INF/lib/opensaml-messaging-impl-4.2.0.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/opensaml-profile-api-4.2.0.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/opensaml-profile-impl-4.2.0.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/opensaml-saml-api-4.2.0.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/opensaml-saml-impl-4.2.0.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/opensaml-security-api-4.2.0.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/opensaml-security-impl-4.2.0.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/opensaml-soap-api-4.2.0.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/opensaml-soap-impl-4.0.1.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/opensaml-storage-api-4.0.1.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/opensaml-storage-impl-4.2.0.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/opensaml-xmlsec-api-4.2.0.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/opensaml-xmlsec-impl-4.2.0.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/pac4j-core-5.7.1.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/pac4j-javaee-5.7.1.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/pac4j-saml-5.7.1.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/postgresql-42.7.2.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/slf4j-api-2.0.7.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/snakeyaml-2.0.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/spring-core-5.3.29.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/spring-jcl-5.3.29.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/standard.jar:1","Warn: binary detected: 
dmadminweb/WebContent/WEB-INF/lib/velocity-engine-core-2.3.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/xmlsec-4.0.2.jar:1","Warn: binary detected: dmadminweb/WebContent/WEB-INF/lib/xmlsectool-3.0.0.jar:1","Warn: binary detected: installers/linux/engine/lib/md5sum.exe:1","Warn: binary detected: installers/linux/webadmin/webapp-runner.jar:1","Warn: binary detected: tomcat7/lib/annotations-api.jar:1","Warn: binary detected: tomcat7/lib/catalina-ant.jar:1","Warn: binary detected: tomcat7/lib/catalina-ha.jar:1","Warn: binary detected: tomcat7/lib/catalina-tribes.jar:1","Warn: binary detected: tomcat7/lib/catalina.jar:1","Warn: binary detected: tomcat7/lib/ecj-P20140317-1600.jar:1","Warn: binary detected: tomcat7/lib/el-api.jar:1","Warn: binary detected: tomcat7/lib/jasper-el.jar:1","Warn: binary detected: tomcat7/lib/jasper.jar:1","Warn: binary detected: tomcat7/lib/jsp-api.jar:1","Warn: binary detected: tomcat7/lib/postgresql-42.5.2.jar:1","Warn: binary detected: tomcat7/lib/servlet-api.jar:1","Warn: binary detected: tomcat7/lib/tomcat-api.jar:1","Warn: binary detected: tomcat7/lib/tomcat-coyote.jar:1","Warn: binary detected: tomcat7/lib/tomcat-dbcp.jar:1","Warn: binary detected: tomcat7/lib/tomcat-i18n-es.jar:1","Warn: binary detected: tomcat7/lib/tomcat-i18n-fr.jar:1","Warn: binary detected: tomcat7/lib/tomcat-i18n-ja.jar:1","Warn: binary detected: tomcat7/lib/tomcat-jdbc.jar:1","Warn: binary detected: tomcat7/lib/tomcat-util.jar:1","Warn: binary detected: tomcat7/lib/tomcat7-websocket.jar:1","Warn: binary detected: tomcat7/lib/websocket-api.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by 
integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":10,"reason":"1 out of 1 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":0,"reason":"Found 1/29 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#code-review"}},{"name":"Contributors","score":10,"reason":"project has 17 contributing companies or organizations","details":["Info: keptn contributor org/company found, cdfoundation contributor org/company found, kcd-australia contributor org/company found, cdevents contributor org/company found, sustainable-computing-io contributor org/company found, k8sgpt-ai contributor org/company found, Virtual-Coffee contributor org/company found, ortelius contributor org/company found, openmake contributor org/company found, wellsfargo contributor org/company found, kubernetes contributor org/company found, acutro contributor org/company found, techhub-community contributor 
org/company found, deployhub contributor org/company found, todogroup contributor org/company found, kubernetes-sigs contributor org/company found, basiqio contributor org/company found, "],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: script injection with untrusted input ' github.head_ref || github.ref_name ': .github/workflows/build-push-chart.yml:41"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: RenovateBot: renovate.json:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#license"}},{"name":"Maintained","score":6,"reason":"2 commit(s) and 6 issue activity 
found in the last 90 days -- score normalized to 6","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#maintained"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build-push-chart.yml:9"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":6,"reason":"dependency not pinned by hash detected -- score normalized to 6","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-push-chart.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/ortelius/ortelius/build-push-chart.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-push-chart.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/ortelius/ortelius/build-push-chart.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-push-chart.yml:221: update your workflow using https://app.stepsecurity.io/secureworkflow/ortelius/ortelius/build-push-chart.yml/main?enable=pin","Warn: pipCommand not pinned by hash: docker/DockerfileBase:12","Warn: downloadThenRun not pinned by hash: .github/workflows/build-push-chart.yml:46","Warn: goCommand not pinned by hash: .github/workflows/build-push-chart.yml:47","Warn: pipCommand not pinned by hash: .github/workflows/build-push-chart.yml:48","Warn: downloadThenRun not pinned by hash: .github/workflows/build-push-chart.yml:103","Warn: downloadThenRun not pinned by hash: 
.github/workflows/build-push-chart.yml:170","Warn: downloadThenRun not pinned by hash: .github/workflows/build-push-chart.yml:237","Info:   9 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:  14 out of  17 third-party GitHubAction dependencies pinned","Info:   6 out of   6 containerImage dependencies pinned","Info:   0 out of   2 pipCommand dependencies pinned","Info:   0 out of   4 downloadThenRun dependencies pinned","Info:   0 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (2) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#sast"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/ortelius/.github/SECURITY.md:1","Info: Found linked content: github.com/ortelius/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/ortelius/.github/SECURITY.md:1","Info: Found text in security policy: github.com/ortelius/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact ms-ui-10.0.451 not signed: 
https://api.github.com/repos/ortelius/ortelius/releases/278347685","Warn: release artifact ms-nginx-10.0.451 not signed: https://api.github.com/repos/ortelius/ortelius/releases/278347674","Warn: release artifact ms-general-10.0.451 not signed: https://api.github.com/repos/ortelius/ortelius/releases/278347667","Warn: release artifact ms-ui-10.0.450 not signed: https://api.github.com/repos/ortelius/ortelius/releases/239087520","Warn: release artifact ms-nginx-10.0.450 not signed: https://api.github.com/repos/ortelius/ortelius/releases/239087514","Warn: release artifact ms-ui-10.0.451 does not have provenance: https://api.github.com/repos/ortelius/ortelius/releases/278347685","Warn: release artifact ms-nginx-10.0.451 does not have provenance: https://api.github.com/repos/ortelius/ortelius/releases/278347674","Warn: release artifact ms-general-10.0.451 does not have provenance: https://api.github.com/repos/ortelius/ortelius/releases/278347667","Warn: release artifact ms-ui-10.0.450 does not have provenance: https://api.github.com/repos/ortelius/ortelius/releases/239087520","Warn: release artifact ms-nginx-10.0.450 does not have provenance: https://api.github.com/repos/ortelius/ortelius/releases/239087514"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build-push-chart.yml:19","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:18","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:19","Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecard.yml:24","Info: jobLevel 'contents' permission set to 'read': 
.github/workflows/scorecard.yml:25","Warn: no topLevel permission defined: .github/workflows/build-push-chart.yml:1","Info: topLevel permissions set to 'read-all': .github/workflows/codeql.yml:11","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:13"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2026-01-21T04:49:46.413Z","repository_id":42560273,"created_at":"2026-01-21T04:49:46.413Z","updated_at":"2026-01-21T04:49:46.413Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29175867,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-06T20:14:21.878Z","status":"ssl_error","status_checked_at":"2026-02-06T20:14:21.443Z","response_time":59,"last_error":"SSL_read: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest"],"created_at":"2025-12-14T13:27:11.733Z","updated_at":"2026-02-06T21:05:27.567Z","avatar_url":"https://github.com/ortelius.png","language":"Java","funding_links":[],"categories":["hacktoberfest"],"sub_categories":[],"readme":"# Ortelius\n\nOrtelius is an open-source post-deployment vulnerability defense platform that reduces MTTR for critical and high-risk CVEs impacting live systems to less than 10 days. It continuously maps deployed applications to their open-source components, providing real-time visibility into vulnerabilities actively running in production — not just what was scanned before release.\n\n![Release](https://img.shields.io/github/v/release/ortelius/ortelius?sort=semver)\n![license](https://img.shields.io/github/license/ortelius/.github)\n\n![Build](https://img.shields.io/github/actions/workflow/status/ortelius/ortelius/build-push-chart.yml)\n![CodeQL](https://github.com/ortelius/ortelius/workflows/CodeQL/badge.svg)\n[![OpenSSF\n-Scorecard](https://api.securityscorecards.dev/projects/github.com/ortelius/ortelius/badge)](https://api.securityscorecards.dev/projects/github.com/ortelius/ortelius)\n\n\n![Discord](https://img.shields.io/discord/722468819091849316)\n\n## What Ortelius Does\n\nMost security tools focus on prevention before deployment. Ortelius focuses on defense after deployment, when new vulnerabilities are disclosed against software already in use. 
Ortelius aggregates DevOps, deployment, and security intelligence into a unified digital twin of deployed software, tracking open-source inventory and CVEs across applications, environments, clusters, and organizational domains — not just containers or images.\n\nWith Ortelius, teams can immediately answer:\n\n“Where is this vulnerability running right now?”\n\nBy identifying which CVEs are actively deployed and reachable in live environments, Ortelius enables teams to prioritize true risk, reduce blast radius, and drive remediation workflows fast enough to meet today’s threat landscape.\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://www.youtube.com/watch?v=n_aNHMYKXKw\"\u003e\n    \u003cimg src=\"https://img.youtube.com/vi/sqDx4ReOm70/maxresdefault.jpg\" width=\"600\"/\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\n## Ortelius Mission\n\nOur mission is to improve software supply chain defense by providing real-time, federated visibility into vulnerabilities impacting live systems, enabling faster detection, prioritization, and remediation across the DevSecOps lifecycle.\n\n\n## Ortelius Benefits\n\nThe benefits of the Ortelius Open Source Project are:\n\n- Digital Twin of Deployed Software: Creates a continuously updated digital twin that federates DevOps and software supply chain intelligence across organizational, team, and tooling silos.\n\n- End-to-End Vulnerability Mapping: Maps application versions → open-source packages → deployed endpoints, synchronizing with OSV.dev to identify newly disclosed CVEs actively impacting live systems and expanding attack surface.\n\n- Faster CVE Remediation: Reduces mean time to remediation (MTTR) for newly reported critical and high-risk vulnerabilities by identifying where vulnerable components are running in production.\n\n- Workflow-Native Security Integration: Integrates open-source security tooling directly into CI/CD and platform engineering workflows, enabling security insights to drive action—not just 
alerts.\n\n- Supply Chain History and Trend Analysis: Maintains versioned supply chain intelligence over time, establishing a historical system of record that supports threat modeling, blast-radius analysis, compliance reporting, and remediation planning.\n\n\nList of v11 Repos:\n* [scec-app-tag](https://github.com/ortelius/scec-app-tag.git)\n* [scec-appver](https://github.com/ortelius/scec-appver.git)\n* [scec-comp-tag](https://github.com/ortelius/scec-comp-tag.git)\n* [scec-compver](https://github.com/ortelius/scec-compver.git)\n* [scec-vulnerability](https://github.com/ortelius/scec-vulnerability.git)\n* [scec-deployment](https://github.com/ortelius/scec-deployment.git)\n* [scec-deppkg](https://github.com/ortelius/scec-deppkg.git)\n* [scec-environment](https://github.com/ortelius/scec-environment.git)\n* [scec-group](https://github.com/ortelius/scec-group.git)\n* [scec-scorecard](https://github.com/ortelius/scec-scorecard.git)\n* [scec-textfile](https://github.com/ortelius/scec-textfile.git)\n* [scec-user](https://github.com/ortelius/scec-user.git)\n* [scec-usergroup](https://github.com/ortelius/scec-usergroup.git)\n* [scec-validate-provenance](https://github.com/ortelius/scec-validate-provenance.git)\n* [scec-validate-signing](https://github.com/ortelius/scec-validate-signing.git)\n* [scec-validate-user](https://github.com/ortelius/scec-validate-user.git)\n\n\n## Code of Conduct\n\n[Contributor Covenant Code of Conduct](./CODE_OF_CONDUCT.md)\n\n## Become a contributor\n\n1) Review the [Ortelius Contributor Guide](https://docs.ortelius.io/guides/contributorguide/)\n2) Add yourself to the [Ortelius Google Group](https://groups.google.com/g/ortelius-dev)\n3) Join the [Discord community channel](https://discord.gg/ZtXU74x)\n\n## Open Source Sub-Committees\n\n[Calendar of meetings with times and Zoom info.](https://ortelius.io/events/)\n\n## Ortelius Governing Board\n- [Governing Board Guidelines and Elections](https://ortelius.io/guidelines/)\n- [GB Google 
Group](https://groups.google.com/g/ortelius-governing-board)\n- [Current Governing Board Members](https://ortelius.io/blog/2022/12/13/ortelius-2023-governing-board/)\n\n\n### CD Environment - Development Infrastructure and Productivity\n\nCreate a CD process for managing pull requests, builds, tests and releases.\n\nContributors:\n\n- Anand Bhagwat\n- Steve Taylor\n- Sanjay Sheel\n- Sacha Wharton\n- Sagar Utekar\n- Nael Fridhi\n- Sanchit Khurana\n- Natch Khongpasuk\n- Brad McCoy\n- Zach Jones\n- Aditi Agarwal\n- Jesse Gonzalez\n- Jimmy Malhan\n- Arvind Singharpuria\n- Interas LLC - Corporate Contributor\n- Ujwal Yelmareddy\n- Lakshmi Viswanath\n- Hamid Gholami\n- Kingsathurthi\n- Bassem Riahi\n- Arnab Maity\n- Steven Carrato\n- Ragha Vema\n- Priya Kashyap\n- Siddharth Pareek\n- Ashutosh Apurva\n\n\n### CD Integrations\n\nCreate integrations with documentation and videos for the following CI/CD Solutions:\n\n- Jenkins: 90% work completed\n- Jenkins X\n- Screwdriver\n- Tekton (Tekton Catalog)\n- Spinnaker\n- Argo\n\nContributors:\n\n- Steve Taylor\n- Sacha Wharton\n- Sagar Utekar\n- Nael Fridhi\n- Sanchit Khurana\n- Karamjot Singh\n- Sergio Canales\n- Zach Jones\n- Aditi Agarwal\n- Jesse Gonzalez\n- Lakshmi Viswanath\n- Kingsathurthi\n- Bassem Riahi\n- Arnab Maity\n- Ashutosh Apurva\n\n\n### UX and Testing\n\nReview User Interface and make recommendations for improving with a focus on ease of use. Define test cases with automation.\n\nContributors:\n- David Edelhart\n- Tracy Ragan\n- Parijat Kalita\n- Ashutosh Srivastava\n- Poovaraj Thangamariappan\n- Yasaman Khazaie\n- Nik Poputko\n- Anirudh Sharma\n- Ragha Vema\n- Manoj Singhal\n\n### Documentation\n\nReview documentation and re-write or clarify complexities.\n\nContributors:\n\n- Tracy Ragan\n- Divya Mohan\n- Mark Peters\n- Arijeet Majumdar\n- Pawel Kulecki\n- Jayesh Srivastava\n\n### Architecture\n\nDigital Twin development, MCP and the use of AI for Auto-remediation of dependency files. 
\n\nContributors:\n\n- Christopher Hicks\n- Steve Taylor\n- Ayesha Khaliq\n- Drishti Dhamejani\n- Rahul Agrawal\n- Sacha Wharton\n- Sagar Utekar\n- Nael Fridhi\n- Sanchit Khurana\n- Karamjot Singh\n- Zach Jones\n- Jesse Gonzalez\n- Neil Chen\n- Devendran Nehru\n- Arvind Singharpuria\n- Turker Aslan\n- Leniuska Alvarado\n- Ankur Kumar\n- Lakshmi Viswanath\n- Bassem Riahi\n- Paul Li\n- Joseph Akayesi\n- Christian De Leon\n- Ian Anderson\n- Priya Kashyap\n\n### Development\n\nWork on existing enhancements and bug fixes. Add them to the core Ortelius repository unless a doc change.\n\nContributors:\n\n- Steve Taylor\n- Drishti Dhamejani\n- Melissa Albarella\n- Sagar Utekar\n- Nael Fridhi\n- Sanchit Khurana\n- Zach Jones\n- Jesse Gonzalez\n- Temitope Bimbo Babatola\n- Munirat Sulaimon\n- Neil Chen\n- Atul Tiwari\n- Devendran Nehru\n- Utkarsh Kumar Sharma\n- Avikam Jha\n- Jayesh Srivastava\n- Arvind Singharpuria\n- Aman Saxena\n- Ashutosh Srivastava\n- Leniuska Alvarado\n- Bassem Riahi\n- Paul Li\n- Joseph Akayesi\n- Christian De Leon\n- Akshat Jain\n- Ragha Vema\n- Kumar A. Anurag\n- Ashutosh Apurva\n\n### Product Management\n\n- Website, branding, outreach\n- Review messaging, update logo, submit blogs.\n- Personas, Journey Maps, service maps, roadmaps, Value Canvas, Go-to-Market strategies, product metrics.\n- What problem or opportunity is being explored?\n- How is the solution being framed to tackle this?\n- What is being measured to determine if this is successful?\n- Who are the people that this solution serves?\n- How are they being informed about it?\n- How are they learning to actually use or benefit from it?\n- How are they involved in collaborating on the solution with us?\n- What is the experience like for new collaborators getting started?\n- How does the solution fit with both the immediate and wider ecosystem?\n- Are there any roadblocks that can be removed in how we operate?\n- What additional resources could be made available? 
Where would those resources help most?\n- Where is the documentation being maintained on the project?\n- Do we understand accessibility requirements? Are we meeting them?\n\nContributors:\n\n- Tracy Ragan\n- Neetu Jain\n- Divya Mohan\n- Mark Peters\n- Alok Tanna\n- Arijeet Majumdar\n- Tatiana Lazebnyk\n- Turker Aslan\n- Priya Kashyap\n\n### Project Management\n\nTrack progress, define process, work with Steve and Marky managing pull requests and release dates.\n\nContributors:\n\n- Tracy Ragan\n- Neetu Jain\n- Priya Kashyap\n\n## GitOps\n\nResearch, define and automate GitOps with Ortelius\n\nContributors:\n\n- Brad McCoy\n- Arvind Singharpuria\n- Amit Dsouza\n- Ayesha Khaliq\n- Saif Ul Islam\n- Kingsathurthi\n- Hamid Gholami\n- Anuja Kumari\n- Vrukshali Torawane\n- Joseph Akayesi\n- Rakesh Arumalla\n- Arnab Maity\n\n## Installation\n\nBrowse through the [Installation and Support Guide](http://docs.ortelius.io/guides/userguide/installation-and-support/) for detailed guidance on how to sign up for \u0026 set up Ortelius.\n\n## Support\n\n- [Issues](https://github.com/ortelius/ortelius/issues)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fortelius%2Fortelius","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fortelius%2Fortelius","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fortelius%2Fortelius/lists"}