Session
Exploring OpenSSF Scorecard and the Ortelius Project to Enhance Open Source Security
As the challenges of securing software supply chains grow, adopting robust and automated security practices is more crucial than ever. OpenSSF Scorecard, developed by the Open Source Security Foundation (OpenSSF), provides a reliable framework for assessing the security posture of open-source projects. Complementing this, Ortelius offers an open-source solution for continuous vulnerability tracking and management, seamlessly integrating with tools like OpenSSF Scorecard and OSV.dev.
Jenkins, as a CI/CD powerhouse, adds another critical layer to this ecosystem, making it an ideal platform for advancing continuous vulnerability management. This talk will showcase how integrating Ortelius and OpenSSF Scorecard into Jenkins pipelines enables teams to automate vulnerability scans, monitor security metrics, and address threats with greater efficiency. Attendees will gain practical insights into leveraging these tools together to build a secure, automated, and resilient software delivery lifecycle.

Tracy Ragan
CEO DeployHub, OpenSSF Board Member, CDF TOC Member, Host of Techstrong Women
Santa Fe, New Mexico, United States