Merge pull request #214 from ortelius/hacktoberfest
fix page layout
sbtaylor15 authored Oct 24, 2024
2 parents 5ea8114 + 82dbb07 commit 386cb31
Showing 18 changed files with 117 additions and 116 deletions.
138 changes: 68 additions & 70 deletions content/en/_index.md
Expand Up @@ -14,41 +14,46 @@ description: Welcome to the Ortelius Open Source Project Site
</div>
{{< /blocks/section >}}

{{< blocks/section color=primary >}}
{{< blocks/section color=black >}}
<h1 class="text-center">Open-Source Continuous Vulnerability Management</h1>

<h1 class="text-center">You Should Always Know Where Log4J is Running</h1>
<hr>

{{< blocks/feature_dual >}}

<div style="margin-top:80px;margin-left:140px">
<div style="text-align:center;width:100%;margin-top:100px;margin-left:50px">
<img src="/images/ortelius-consolidate-concept.png" alt="Ortelius Vulnerability Evidence Store" height="558px" width="626px" />
</div>

{{< /blocks/feature_dual >}}

{{< blocks/feature_dual >}}

<div style="width:100%;margin-top:100px;max-width:500px">

Code-level vulnerabilities pose a significant risk in the intricate landscape of cloud-native environments. Ortelius provides end-to-end monitoring, reporting, and faster remediation of security issues throughout the software supply chain. With Ortelius, organizations can swiftly address vulnerabilities in open-source packages, reducing the risk of costly delays and potential security incidents.

The Ortelius community is dedicated to strengthening the software supply chain by identifying weak links and continuously analyzing vulnerabilities introduced throughout the DevSecOps pipeline - from code to cloud. To effectively manage code-level risks, Software Bill of Materials (SBOM) reports must be actively consumed and scanned for new threats that emerge daily. Simply generating an SBOM isn’t enough—analyzing and acting on the data is essential for a secure supply chain.
Many IT teams struggle to respond to threats due to the fragmented nature of decoupled, cloud-native architecture. [Sonatype’s 2024 Report](https://www.sonatype.com/en/press-releases/sonatypes-10th-annual-state-of-the-software-supply-chain-report) shows a 156% increase in open-source package vulnerabilities, exceeding 512k, with 80% of them unaddressed for over a year. Ortelius streamlines the remediation process by showing where impacted open-sources packages are running across the infrastructure for continuous package remediation.

Many IT teams struggle to respond to security threats due to fragmented intelligence spread across various tools, often managed only at the container level. Ortelius streamlines this process by gathering and aggregating security and DevOps intelligence, tracking open-source inventory and vulnerabilities at higher organizational levels, including logical applications, runtime environments, and entire domains.
The Ortelius Community, managed by the [Continuous Delivery Foundation](https://cd.foundation), maintains the latest version, with corporate support from [DeployHub](https://www.deployhub.com).

With Ortelius, you can easily answer the question, “where is Log4J running?”

The latest version of Ortelius is maintained by the Ortelius Community managed by the [Continuous Delivery Foundation](https://cd.foundation), part of the Linux Foundation. Corporate support comes from DeployHub with 80% of the codebase from DeployHub’s [Continuous DevSecOps Intelligence Dashboard](https://www.deployhub.com).

</div>
{{< /blocks/feature_dual >}}

{{< blocks/feature_dual >}}
<div style="text-align:center;width:100%">
<img src="/images/Ortelius-concept.png" alt="Ortelius Vulnerability Evidence Store" />
</div>


{{< /blocks/feature_dual >}}
{{< /blocks/section >}}


{{< blocks/section color=primary >}}
{{< blocks/section color=black >}}

<div class="col-12">
<h1 class="text-center">Ortelius Use Cases </h1>
<hr>
<h2 class="text-center">Ortelius Use Cases </h2>
<p></p>
</div>

{{% blocks/feature icon="fas fa-3x fa-box-open" title="Locate and Remediate Vulnerabilities" url="/microservicemapping/" %}}
{{% /blocks/feature %}}
{{% blocks/feature icon="fas fa-3x fa-share-square" title="Aggregate SBOMs" url="/catalog/" %}}
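Review bot: Typo in the paragraph that cites Sonatype's 2024 Report: "impacted open-sources packages" should read "open-source packages". In the same hunk, the image tag for ortelius-consolidate-concept.png sets height="558px" width="626px" inside a wrapper with fixed pixel margins; the HTML height and width attributes take plain integers, and fixed pixel offsets tend to break on narrow viewports, so for a commit titled "fix page layout" consider height="558" width="626" plus a max-width:100% style instead.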
Expand All @@ -61,12 +66,10 @@ The latest version of Ortelius is maintained by the Ortelius Community managed b
{{< /blocks/section >}}


{{< blocks/section color=primary >}}
{{< blocks/section color=black >}}
<div class="col-12">
<h1 class="text-center">Ortelius Integrations</h1>

<hr>

</div>

<div class="col-sm"></div>
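Review bot: The "Ortelius Integrations" heading in this hunk stays an h1, while the "Ortelius Use Cases" and "Get Involved" section headings in this file appear as h2 in this commit. Pick one heading level for these sibling section titles so the page outline stays consistent.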
Expand All @@ -75,25 +78,30 @@ The latest version of Ortelius is maintained by the Ortelius Community managed b

{{% blocks/table_center %}}

| | | | | | | | | | | | | | | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| [Syft](https://docs.ortelius.io/guides/userguide/integrations/spdx-syft-cyclonedx/) | <i class="fas fa-3x fa-check-square"></i> |<p style="font-size:1.5em">[OpenSSF Scorecard](https://docs.ortelius.io/guides/userguide/integrations/openssf-scorecard/) </p> | <i class="fas fa-3x fa-check-square"></i> | <p style="font-size:1.5em">[SonarQube](https://docs.ortelius.io/guides/userguide/integrations/sonarqube/)</p> | <i class="fas fa-3x fa-check-square"></i> | <p style="font-size:1.5em">[VeraCode](https://docs.ortelius.io/guides/userguide/integrations/veracode/)</p> | <i class="fas fa-3x fa-check-square"></i> | <p style="font-size:1.5em">[Any CI/CD](https://docs.ortelius.io/guides/userguide/integrations/ci-cd_integrations/)</p> | <i class="fas fa-3x fa-check-square"></i> | <p style="font-size:1.5em">[OSV.dev](https://docs.ortelius.io/guides/userguide/integrations/osvdev/)</p> | <i class="fas fa-3x fa-check-square"></i> | <p style="font-size:1.5em">[Helm](https://docs.ortelius.io/guides/userguide/integrations/helmmetrics/)</p> | <i class="fas fa-3x fa-check-square"></i> | <p style="font-size:1.5em">[View All](https://docs.ortelius.io/guides/userguide/integrations/)</p> | <i class="fas fa-3x fa-check-square"></i> |
| | | | | | | | |
|---|---|---|---|---|---|---|---|
| |<p style="font-size:1.5em">[Syft](https://docs.ortelius.io/guides/userguide/integrations/spdx-syft-cyclonedx/) | <p style="font-size:1.5em">[OpenSSF Scorecard](https://docs.ortelius.io/guides/userguide/integrations/openssf-scorecard/) </p> | <p style="font-size:1.5em">[SonarQube](https://docs.ortelius.io/guides/userguide/integrations/sonarqube/)</p> | <p style="font-size:1.5em">[VeraCode](https://docs.ortelius.io/guides/userguide/integrations/veracode/)</p> | <p style="font-size:1.5em">[Any CI/CD](https://docs.ortelius.io/guides/userguide/integrations/ci-cd_integrations/)</p> | <p style="font-size:1.5em">[OSV.dev](https://docs.ortelius.io/guides/userguide/integrations/osvdev/)</p> | <p style="font-size:1.5em">[Helm](https://docs.ortelius.io/guides/userguide/integrations/helmmetrics/)</p> |


{{% /blocks/table_center %}}

<div style="font-size:1.8em;text-align:center;margin-top:10px">

[View All](https://docs.ortelius.io/guides/userguide/integrations/)
</div>

</div>
<div class="col-sm"></div>
{{< /blocks/section >}}




{{< blocks/section color=primary >}}
{{< blocks/section color=black >}}
<div class="col-12">


<h1 class="text-center">Get Involved:</h1>
<hr>
<h2 class="text-center">Get Involved</h2>
<p></p>
</div>
{{% blocks/feature icon="fab fa-3x fa-github-square" title="Contribute" url="/contributor/" %}}
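Review bot: In the single-row integrations table, the Syft cell opens a `<p style="font-size:1.5em">` that is never closed, unlike the other six cells, which end with `</p>`. Add the closing tag so the font-size paragraph does not depend on the browser's implicit recovery. The row also starts with an empty cell to fill the eight-column header; if that is only padding, dropping to seven columns would be cleaner.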
Expand All @@ -106,81 +114,48 @@ The latest version of Ortelius is maintained by the Ortelius Community managed b
{{< /blocks/section >}}


{{< blocks/section color=primary >}}

<h1 class="text-center">Join the Ortelius Holiday Gathering December 11th, 20024 </h1>
<hr>

<div style="text-align:center;width:100%;margin-top:80px">
<p></p>
<img src="/images/2024HolidayPartyBanner.png" alt="Holiday Party" height="400px" width="589px" />
</div>

{{< blocks/section color=black >}}
<h2 class="text-center">Holiday Gathering December 11th, 20024 </h2>
{{< blocks/feature_dual >}}

<div style="text-align:center;width:100%;margin-top:80px">
<h2 class="text-center">Time to Celebrate Our Committers</h2>
</div>


<div style="margin-top:10px;margin-left:140px">
Join us on Wednesday, December 11th, 2024 for our annual holiday gathering.
<div style="margin-top:10px;margin-left:200px;">
Join us on Wednesday, December 11th, 2024 for our annual celebration of the Ortelius Contributor Community.

Why You Should Attend:

- Show your support for our dedicated Committers.
- Learn how to gather SBOM data via the CI/CD Pipeline.
- See how Ortelius leverages SBOM data to expose newly reported vulnerabilities across your Software Supply Chain.
<br>

<div style="font-size:1.5em">

[Register](https://us02web.zoom.us/webinar/register/WN_goeVVZm5Q9KIkROQp574Qw)
</div>
</div>

{{< /blocks/feature_dual >}}
{{< blocks/feature_dual >}}

<div style="text-align:center;width:100%;margin-top:80px">
<h2 class="text-center">Agenda </h2>
</div>

<strong>8:30-9:30 Beer and Donuts</strong><p>
Celebrate the dedicated committers that make up the Ortelius Family. Awards will be given to top Ambassadors, Champions and Legends.

<strong>9:45 - 11:30 Uncovering Code-Level Vulnerabilities: Strengthening Your CI/CD Pipeline for Continuous Vulnerability Management </strong><p>
Take a tutorial that walks you through how to manage vulnerabilities in real-time with Ortelius, and see how Ortelius serves as a single dashboard for security reporting, including OpenSSF Scorecard metrics. The team will then give a demo on how to integrate security tooling into your CI/CD pipeline using the Ortelius command line interface. It is time to start generating and consuming SBOM data as part of the DevOps pipeline. Ortelius makes it easy.

{{< /blocks/feature_dual >}}
{{< /blocks/section >}}

<div style="font-size:1.5em">

{{< blocks/section color=primary >}}
<h1 class="text-center">Our Inspiration </h1>
<hr>
[Register](https://us02web.zoom.us/webinar/register/WN_goeVVZm5Q9KIkROQp574Qw)
</div>
</div>

{{< /blocks/feature_dual >}}
{{< blocks/feature_dual >}}



## Abraham Ortelius

<div class="wrapdiv">
<img class="wrapdiv_image" src="images/abrahamortelius.jpg" alt="Abraham Ortelius" style="width:121px; height:170px" />
<p class="wrapdiv_text">Abraham Ortelius made his name by collecting data from scientists, geographers, and cartographers of his time and transforming it into what the world now knows as a world Atlas. His Atlas, titled Theatrum Orbis Terrarum (Theatre of the World), was published on May 20, 1570. His Atlas disrupted the way the world was seen, with the first concepts imagining continental drift. Also of interest are the sea monsters shown in the water – mythical creatures that were a subject of fascination in Ortelius’ generation.</p>
<div style="text-align:center;width:100%;margin-top:80px">
<p></p>
<img src="/images/2024HolidayPartyBanner.png" alt="Holiday Party" height="400px" width="589px" />
</div>
{{< /blocks/feature_dual >}}
{{< blocks/feature_dual >}}


## A Thought Leader in Sharing
Ortelius also in some ways created on open source community of his day. To accomplish his goal, he was the first cartographers to give credit to his fellow scientists by adding their names to the Atlas. Ortelius was known to have corresponded with other professionals throughout Europe and pulled together their knowledge to create his publication and a truly global view of the world.

Thank you Abraham Ortelius for showing us the way.
{{< /blocks/feature_dual >}}
{{< /blocks/section >}}


{{< blocks/section color=gray >}}
<div class="col-12">
</div>
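Review bot: The heading "Holiday Gathering December 11th, 20024" carries over the year typo from the h1 version of the same heading; it should read 2024, matching "Wednesday, December 11th, 2024" in the body text of this hunk. Since the heading is being rewritten here anyway, fix it in this change.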
Expand Down Expand Up @@ -219,5 +194,28 @@ Get started with Ortelius using the free SaaS version. Take a quick tutorial and
{{< /blocks/feature_dual >}}
{{< /blocks/section >}}

{{< blocks/section color=black >}}
<h1 class="text-center">Our Inspiration </h1>
<hr>

{{< blocks/feature_dual >}}



## Abraham Ortelius

<div class="wrapdiv">
<img class="wrapdiv_image" src="images/abrahamortelius.jpg" alt="Abraham Ortelius" style="width:121px; height:170px" />
<p class="wrapdiv_text">Abraham Ortelius made his name by collecting data from scientists, geographers, and cartographers of his time and transforming it into what the world now knows as a world Atlas. His Atlas, titled Theatrum Orbis Terrarum (Theatre of the World), was published on May 20, 1570. His Atlas disrupted the way the world was seen, with the first concepts imagining continental drift. Also of interest are the sea monsters shown in the water – mythical creatures that were a subject of fascination in Ortelius’ generation.</p>
</div>
{{< /blocks/feature_dual >}}
{{< blocks/feature_dual >}}


## A Thought Leader in Sharing
Ortelius also in some ways created on open source community of his day. To accomplish his goal, he was the first cartographers to give credit to his fellow scientists by adding their names to the Atlas. Ortelius was known to have corresponded with other professionals throughout Europe and pulled together their knowledge to create his publication and a truly global view of the world.

Thank you Abraham Ortelius for showing us the way.
{{< /blocks/feature_dual >}}
{{< /blocks/section >}}

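Review bot: The "Our Inspiration" block references src="images/abrahamortelius.jpg" as a relative path, while the other images in this file use root-relative "/images/..." paths; make it root-relative so it resolves the same way from any page URL. The block's text also reads "created on open source community" and "he was the first cartographers", which should be "an open source community" and either "the first cartographer" or "one of the first cartographers".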
70 changes: 35 additions & 35 deletions content/en/catalog/_index.md
Expand Up @@ -5,97 +5,97 @@ summary: Use the Security Evidence You Already Collect
type: contributor
---

{{< blocks/section color=primary >}}

{{< blocks/section color=white >}}
<div class="col-12">
</div>

<div class="col-12">
<h1 class="text-center">Create Application Level SBOMS and View Real-time Vulnerabilities</h1>
<hr>
</div>
{{< blocks/feature_dual >}}

{{< blocks/feature_dual_left_sm >}}
<div style="margin-top:80px;margin-left:10px">

<div style="margin-top:80px;margin-left:70px">
<img src="/images/federatedsbom.png" alt="Federated SBOM" height="649px" width="711px"/>

## SBOM Consumption for Every Artifact

Ortelius is the go-to platform for DevOps and security engineers to view and analyze Software Bill of Materials (SBOMs) data. The Ortelius vulnerability evidence store collects SBOMs for every artifact update. It then aggregates the SBOM to all consuming logical applications, providing consolidated SBOMs in decoupled architecture.
</div>

In a decoupled architecture, each independently deployed container triggers its own pipeline, generating its own SBOM. For this reason, SBOM data becomes fragmented across artifacts and most often, left in the build directory where the pipeline was executed. This makes it difficult to get a complete view of a software application’s security profile, including any vulnerabilities overtime. Ortelius solves this by aggregating SBOM data, providing CISO and development teams with a comprehensive view of critical software supply chain intelligence for fast, informed responses to cyber threats.
{{< /blocks/feature_dual >}}
{{< blocks/feature_dual_left_sm >}}

Most importantly, Ortelius continuously scans OSV.dev and reports new vulnerabilities found after the software was deployed.

</div>
<div style="margin-top:80px;margin-left:10px">

{{< /blocks/feature_dual_left_sm >}}
{{< blocks/feature_dual>}}
## Logical Application SBOMs

<div class="col-center">
Ortelius aggregates Software Bill of Materials (SBOM) data across decoupled architectures to ensure comprehensive visibility, security, and compliance in modern software ecosystems. In decoupled systems, where services, applications, and components operate independently, each part may have its own dependencies, vulnerabilities, and licensing requirements.

<img src="/images/fullscreen-sbom-applevel-withvuln-hr.png" alt="Aggregated SBOM" height="450px" width="1400px" />
</div>
Aggregating SBOM data allows for a unified view of all software components and their supply chains. Ortleius helps organizations identify potential risks, manage vulnerabilities proactively, and maintain regulatory compliance. The Ortelius centralized oversight is essential for enhancing security posture, reducing blind spots, and ensuring that the entire architecture remains resilient and up-to-date despite its distributed nature.

{{< /blocks/feature_dual>}}
The Ortelius aggregated SBOM is critical for meeting [Executive Order 14028 - Improving the Nation's Cybersecurity](https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/information-technology-category/it-security/executive-order-14028).

{{< /blocks/section >}}

<div style="font-size:1.6em;text-align:center;margin-top:10px">

[View Compete Application-level SBOM](/images/application-sbom.pdf)

{{< blocks/section color=white >}}
<div class="col-12">
</div>

{{< blocks/feature_dual >}}
</div>

<div style="margin-top:80px;margin-left:200px">
{{< /blocks/feature_dual_left_sm >}}
{{< /blocks/section >}}

<img src="/images/federatedsbom.png" alt="Federated SBOM" height="649px" width="711px"/>

{{< blocks/section color=primary >}}

</div>

{{< /blocks/feature_dual >}}
{{< blocks/feature_dual_left_sm >}}

<div style="margin-top:80px;margin-left:10px">

<div style="margin-top:80px;margin-left:70px">
## Continuous Vulnerability Updates

## Logical Application SBOMs
Using the stored SBOM data, Ortelius continuously scans for new vulnerabilities found long after the container was created. Continuous vulnerability scanning is essential because software systems are constantly evolving, and new security threats emerge regularly. As developers release updates, introduce new code, or integrate third-party components, new vulnerabilities may be inadvertently introduced.

In a decoupled architecture, component updates drive new application versions. Each time a shared component is updated, all of the consuming 'logical' applications have new SBOMs. Because Ortelius versions every component update, it automatically provides a new aggregated application level SBOM. This information is critical for meeting Government SBOM requirements such as [EO 14028](https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/information-technology-category/it-security/executive-order-14028).
By scanning for vulnerabilities continuously, Ortelius helps organizations detect potential weaknesses as soon as they arise, enabling faster remediation and reducing the window of opportunity for cyberattacks. Continuous scanning ensures that security measures remain up-to-date, minimizing the risk of breaches and ensuring compliance with security standards in an ever-changing threat landscape.

</div>

<div style="font-size:1.6em;text-align:center;margin-top:10px">
{{< /blocks/feature_dual_left_sm >}}
{{< blocks/feature_dual>}}

[View Compete Application-level SBOM](/images/application-sbom.pdf)
<div class="col-center">

<img src="/images/fullscreen-vulnerabilities.png" alt="vulnerabilities" height="646px" width="1095px" />
</div>

</div>
{{< /blocks/feature_dual>}}

{{< /blocks/feature_dual_left_sm >}}
{{< /blocks/section >}}



{{< blocks/section color=gray >}}
<div class="col-12">
</div>

{{< blocks/feature_dual_left_sm >}}

<div style="margin-top:80px;margin-left:100px">

<div style="margin-top:80px;margin-left:200px">
<div style="margin-top:80px;margin-left:10px">

<img src="/images/Otelius-transparent1-300x290.png" alt="Ortelius" height="300px" width="290px"/>
</div>


</div>

{{< /blocks/feature_dual_left_sm >}}

{{< blocks/feature_dual >}}

<div style="margin-top:80px;margin-left:100px">
<div style="margin-top:80px;margin-left:10px">

## Conclusion and Get Started

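Review bot: Three typos in the copy of this hunk: "Ortleius helps organizations" should be "Ortelius", the link text "View Compete Application-level SBOM" should be "View Complete Application-level SBOM", and "any vulnerabilities overtime" should be "over time". The page heading "Create Application Level SBOMS" would also read better as "SBOMs", matching the capitalization used in the body.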
2 changes: 1 addition & 1 deletion content/en/events/_index.md
Expand Up @@ -14,7 +14,7 @@ menu:

<div style="text-align:center;width:100%;margin-top:80px">
<p></p>
<img src="/images/2024HolidayPartyBanner.png" alt="Holiday Party" height="400px" width="589px" />
<img src="/images/2024HolidayPartybanner-black.png" alt="Holiday Party" height="400px" width="589px" />
</div>

<div style="font-size:1.8em;text-align:center;margin-top:10px">
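Review bot: The filename 2024HolidayPartybanner-black.png spells "banner" with a lowercase b, whereas the other banner reference in this hunk is 2024HolidayPartyBanner.png. On a case-sensitive host the path must match the committed asset exactly, so confirm the file exists under this casing. Note also that content/en/_index.md in this commit still references /images/2024HolidayPartyBanner.png inside a section set to color=black; if the black variant is intended for dark backgrounds, it likely belongs there as well.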