Open source is a shared garden
And we feel a responsibility to contribute.

Building security for all developers
We build open source projects and contribute to them
We’ve dedicated our careers to building open source security tools because we believe in helping developers—from individual maintainers and contributors to massive enterprises. That’s why we’re so active in open source security solutions that work for the whole community.
Projects we actively maintain and contribute to

Graph for Understanding Artifact Composition (GUAC)
Aggregates software security metadata into a high-fidelity graph database to locate, store, analyze, and correlate software artifact data.

Open Source Project Security (OSPS) Baseline
A minimum definition of security requirements for a project relative to its maturity level.

Allstar
GitHub App that continuously monitors for adherence to security best practices.

Open Source Security Foundation (OpenSSF) Scorecard
Assesses open source projects for security risks through a series of automated checks.

Supply-chain Levels for Software Artifacts (SLSA)
A security framework and checklist of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure.

ClearlyDefined
A centralized and curated data store for open source software licenses.
Leading from the front
We contribute to the definitions, requirements, and government policies for what makes open source secure
Contributing at the project level is just the start. We extend our expertise to guiding open source standards for the entire community to ensure security is prioritized and accessible for all. That’s why we are so involved in the Open Source Security Foundation (OpenSSF) and many others that are hosted by the Linux Foundation.
Advisories we actively guide
OpenSSF Governing Board
Responsible for overall management of the OpenSSF and guides the organization in fulfilling its mission.
OpenSSF Technical Advisory Council
Develops the overall technical vision and provides oversight of the OpenSSF technical communities.
OpenSSF Supply Chain Integrity Working Group
Helps individuals and organizations assess and improve the security of end-to-end supply chains for open source software.
CNCF Technical Advisory Group
Facilitates collaboration to exchange and produce knowledge and resources for building security in the cloud native ecosystem. Guides technical strategy, best practices, and standards across the cloud-native ecosystem.
Meet our contributors

CTO & Co-Founder
Mike Lieberman
Governing Board & Technical Advisory Council - OpenSSF
TAG Security & Compliance Tech Lead - CNCF


CPO & Co-Founder
Parth Patel
Co-Creator & Lead Maintainer - GUAC
Maintainer - in-toto Attestation, in-toto golang


Community Leader
Ben Cotton
Maintainer - Open Source Project Security Baseline
OpenSSF Golden Egg Award Winner - 2025
Transparency in everything we do
We use and curate all of these open source tools and frameworks in our commercial solutions
From open source to our own Kusari product
Most security products are built in a black box. Not Kusari. We take the best of open source security, add our unique expertise, then package that back to you for the clearest picture of how to fix any vulnerabilities in your code. Now you can get the enterprise features you need, curated from the expertise and unique perspective of leaders in open source security.
Some open source technologies we use





Contributions that go beyond code
We contribute our time, talent and voice as open source security project maintainers, on working groups, reference architectures, white papers, and speaking engagements






