When you need a solution for managing your software supply chain, the Kusari Platform provides enterprise-ready features backed by security expertise.
March 20, 2025
Nobody goes from zero to fully-mature software supply chain security in one giant leap. You take smaller steps along the way. After all, security is a journey, not a destination. In the previous post, you saw how the Whiskey Tasting Foundation started using GUAC to manage their growing collection of SBOMs. Now we’ll look at their final step on their security journey.
The Foundation used the open source GUAC project to get a holistic view of their software supply chain. They’re able to quickly answer questions about their applications like “where does this new vulnerability exist?” and “how do we quickly remediate it?”. GUAC’s suite of data collectors gave the Foundation richer information about dependencies, vulnerabilities, and licenses, and they used that information to build a Kubernetes admission controller that prevented vulnerable containers from being deployed.
The scalability, power, and flexibility of GUAC gave the Whiskey Tasting Foundation insights into their software supply chain that they’d never had before. But like potato chips, once they got started, they couldn’t stop. Their GUAC installation started with the DevOps team, but one day the CISO heard about it and wanted to know more.
The Foundation’s CISO has an engineering background, but their job isn’t writing code. Some of the questions they wanted to answer required complicated GraphQL queries. The DevOps team offered to create dashboards for the CISO, but that didn’t seem like the best use of their time. “I heard about this company called Kusari,” the CISO said. “It seems like their platform can give us what we need.”
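To make the “where does this new vulnerability exist?” question and the “complicated GraphQL queries” concrete, here is an added example (not code from Kusari or the GUAC project) of the kind of query the DevOps team would have to hand-write against a GUAC GraphQL endpoint, plus the code that flattens GUAC’s package trie into package URLs. The query follows the `CertifyVuln` / `Package` shape of GUAC’s public GraphQL schema, but the exact field names should be checked against your GUAC version; the endpoint URL, the vulnerability ID and the sample response are constructed for illustration and are not real scan data.

```python
"""Added example: ask a GUAC GraphQL endpoint which packages carry a given
vulnerability and flatten the answer into package URLs (purls).

Assumptions (not from the original post): the endpoint URL, the query field
names (based on GUAC's public CertifyVuln/Package schema, check your version),
and the constructed SAMPLE_RESPONSE used to exercise the parsing offline.
"""
import json
import urllib.request

# Hypothetical endpoint; a default GUAC GraphQL server listens on /query.
GUAC_GRAPHQL = "http://localhost:8080/query"

# Every CertifyVuln attestation for one vulnerability ID, with the full
# package trie (type -> namespace -> name -> version) so purls can be rebuilt.
CERTIFY_VULN_QUERY = """
query WhereIsVuln($vulnID: String!) {
  CertifyVuln(certifyVulnSpec: {vulnerability: {vulnerabilityID: $vulnID}}) {
    package {
      type
      namespaces {
        namespace
        names {
          name
          versions { version subpath qualifiers { key value } }
        }
      }
    }
    vulnerability { type vulnerabilityIDs { vulnerabilityID } }
    metadata { scannerUri timeScanned }
  }
}
"""


def build_request(vuln_id: str) -> dict:
    """JSON body for the GraphQL POST. GUAC stores vulnerability IDs lower-cased."""
    return {"query": CERTIFY_VULN_QUERY, "variables": {"vulnID": vuln_id.lower()}}


def package_to_purls(pkg: dict) -> list[str]:
    """Flatten one GUAC Package trie into purl strings, one per version node."""
    purls = []
    ptype = pkg["type"]
    for ns in pkg.get("namespaces", []):
        namespace = ns.get("namespace", "")
        for nm in ns.get("names", []):
            base = f"pkg:{ptype}/{namespace + '/' if namespace else ''}{nm['name']}"
            versions = nm.get("versions") or []
            if not versions:  # name-level node only, no version known
                purls.append(base)
            for v in versions:
                purl = base
                if v.get("version"):
                    purl += f"@{v['version']}"
                quals = v.get("qualifiers") or []
                if quals:
                    purl += "?" + "&".join(f"{q['key']}={q['value']}" for q in quals)
                if v.get("subpath"):
                    purl += "#" + v["subpath"]
                purls.append(purl)
    return purls


def affected_purls(response: dict) -> list[str]:
    """Sorted, de-duplicated purls from a raw GraphQL response; skips 'novuln' attestations."""
    if response.get("errors"):
        raise RuntimeError(f"GUAC returned errors: {response['errors']}")
    found = set()
    for cv in response["data"]["CertifyVuln"]:
        # GUAC records a scanner finding *nothing* as a vulnerability of type "novuln".
        if cv["vulnerability"]["type"].lower() == "novuln":
            continue
        found.update(package_to_purls(cv["package"]))
    return sorted(found)


def query_guac(vuln_id: str, endpoint: str = GUAC_GRAPHQL) -> list[str]:
    """Live query over the network; not used by the offline sample below."""
    body = json.dumps(build_request(vuln_id)).encode()
    req = urllib.request.Request(endpoint, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return affected_purls(json.load(resp))


def _pkg(ptype, namespace, name, version):
    """Helper to build a constructed Package trie for the sample response."""
    return {"type": ptype, "namespaces": [{"namespace": namespace, "names": [
        {"name": name, "versions": [{"version": version, "subpath": "", "qualifiers": []}]}]}]}


# Constructed sample response shaped like GUAC's output; placeholder IDs, not real findings.
SAMPLE_RESPONSE = {"data": {"CertifyVuln": [
    {"package": _pkg("npm", "", "lodash", "4.17.20"),
     "vulnerability": {"type": "ghsa", "vulnerabilityIDs": [{"vulnerabilityID": "ghsa-0000-0000-0000"}]},
     "metadata": {"scannerUri": "osv.dev", "timeScanned": "2025-03-01T00:00:00Z"}},
    {"package": _pkg("golang", "github.com/example", "lib", "v1.2.3"),
     "vulnerability": {"type": "ghsa", "vulnerabilityIDs": [{"vulnerabilityID": "ghsa-0000-0000-0000"}]},
     "metadata": {"scannerUri": "osv.dev", "timeScanned": "2025-03-01T00:00:00Z"}},
    {"package": _pkg("pypi", "", "requests", "2.32.3"),
     "vulnerability": {"type": "novuln", "vulnerabilityIDs": [{"vulnerabilityID": ""}]},
     "metadata": {"scannerUri": "osv.dev", "timeScanned": "2025-03-01T00:00:00Z"}},
]}}

if __name__ == "__main__":
    for purl in affected_purls(SAMPLE_RESPONSE):
        print(purl)
```

The `novuln` filter matters: GUAC keeps “scanned, nothing found” attestations in the same `CertifyVuln` table, so a naive query that forgets to exclude them reports clean packages as affected. That kind of detail is exactly what a non-developer stakeholder should not have to know, which is the point the post goes on to make.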
Kusari Platform takes the power of GUAC and makes it ready for the enterprise. Instead of dedicating time and resources to running in-house infrastructure, the Whiskey Tasting Foundation gets a SaaS platform managed by Kusari’s experts. But that’s only the start of it.
Developers get access to information like the Kusari Score and Effort to Fix. This helps them quickly understand the impact of vulnerabilities and prioritize remediation. They can use the Timeline View to track the vulnerabilities in a package over time. With the license listing, they can see if any of their dependencies have problematic software licenses. And because Kusari Platform ties into their build pipeline, they get updated information right away — no more waiting for the final pre-release checks to catch important issues.
The engineering manager rests easy because they can see how all of their teams are doing. With Kusari Platform’s webhook integration, they can easily create Jira tickets when new vulnerabilities are introduced, which helps them track and report within the Whiskey Tasting Foundation’s existing workflows. The CISO, legal team, and other executive stakeholders get a suite of analytics dashboards to see important trends. As the Kusari team adds new features, the Foundation gets them quickly.
You can see how the Kusari Platform brought supply chain enlightenment to the Whiskey Tasting Foundation. Remember, though, that it’s a journey. They started with a single SBOM and grew from there. If you’d like to start your organization on a security journey, schedule a demo with our team.