Security has to be built on an open foundation

Open source software development is a powerful driver of secure software. Working together with a global community, we bring together the best ideas and get expert review of code as it’s developed. Consumers can audit the software to be sure it does what the developers say it does.

In line with these open source principles, the Kusari Platform integrates GUAC, an open source project co-developed by Kusari and contributed to the Open Source Security Foundation. If you’d like to use or help develop GUAC, join the GUAC community.

Kusari open source project contributions

GUAC: Aggregates software security metadata into a high fidelity graph database to locate, store, analyze, and correlate software artifact data.

SLSA: A security framework and checklist of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure.

OpenSSF Scorecard: Understand a project’s security posture with an automated tool that assesses a number of important heuristics associated with software security.

CNCF TAG Security: Facilitates collaboration to exchange and produce knowledge and resources for building security in the cloud native ecosystem.

OpenSSF Governing Board: Responsible for overall management of the OpenSSF and guides the organization in fulfilling its mission.

Kusari’s community commitment

The Kusari team has a track record as a driving force in the open source community, creating tools and helping uplevel the technical know-how of developers and security teams.

Kusari is committed to partnering with open source communities to build innovative and interoperable tools for improving supply chain observability and security. To maintain the long-term trust of the community, we are deliberate about what we release as open source and communicate it clearly.

Our team has played an influential role in the software supply chain security movement by:

Influencing the development of SLSA, the software supply chain framework, as part of the SLSA steering committee and as a maintainer of the specification

Co-authoring the CNCF Secure Software Factory reference architecture and eBook Securing the Software Supply Chain

Thinking about the challenges holistically, leading to the creation of and contribution to new open source tools such as FRSCA, GUAC, in-toto attestations, in-toto-golang, and Spector

Educating the community on software supply chain security, as project core maintainers and part of CNCF TAG Security, OpenSSF Governing Board, OpenSSF TAC and OpenSSF Working Groups

Securing the Software Supply Chain eBook

Learn from the experts: Securing the Software Supply Chain

A Manning publication by Kusari's CTO Michael Lieberman and Google's Brandon Lum that focuses on threat modeling the SDLC and providing a flexible architecture, along with examples using tools, frameworks, and best practices.
