Contributed by Saim Safdar
Ortelius is an Open Source Supply Chain Catalog that untraps DevOps and security intelligence siloed across containers and pipelines. Ortelius is one of the most diverse and inclusive community projects at the CDF with committers from all over the world.
Ortelius uses a microservice architecture allowing committers to submit “bounded context” functions which reduces the need for immediate collaboration and communication. The project team strives to give everyone their own swim lane where they can work efficiently, and not feel they are holding back any aspect of the project. We believe everyone has the right to express their ideas in their own contributions.
Every 6 months, in May and December, the Ortelius community hosts a “Microservice Visionaries Summit,” a gathering to celebrate the community committers of Ortelius, discuss microservice best practices, award recognition badges, and drive awareness of the benefits of implementing a central evidence store of DevOps and security intelligence.
May 2022: Visionaire Summit Highlights
Recognization badges were awarded during the “Beer and Donuts” gathering followed by Saim Safder covering outreach contributions. A panel discussion was held on the benefits of using a central evidence store catalog, followed by ten 10-minute lighting talks including Utkarsh Sharma on microservices architecture and design patterns, Sergio Canales on Team Topologies from the field, Turja Narayan Chaudhuri on microservice catalog and developer productivity and Steve Taylor on SBOMs to harden cybersecurity. View the entire event on demand.
December 2022: Holiday Gathering Highlights
Again, the event started with “Beer and Donuts” where recognition badges were awarded, followed by a year in review by Saim Safder. Sacha Wharton presented on committer tools to help new members become efficient developers. Steve Taylor taught us how to add Ortelius to the pipeline using the CLI. Following Steve were three amazing Lightning talks. View the entire event on demand.
The next virtual Ortelius Visionaries Summit is scheduled for May 19, 2023. Everyone is welcome to participate. Join the action.
Building an Immutable SBOM Ledger
On July 20, 2022, DeployHub, leaders in microservice governance, announced they had been awarded a $75k grant on behalf of the Ortelius project, to improve the historical tracking and audits of software bill of materials reports, a key tool in hardening cybersecurity. DeployHub will apply the grant funding to the Ortelius.io open source project, incubating at the Continuous Delivery Foundation. The XRPL Grant program, sponsored by Ripple, provides funding to support software development projects that leverage the open-source XRP Ledger (XRPL). The $75k grant is being paid out to contributors who submit pull requests for any issues labeled “Bounty” in the Ortelius GitHub project. All are welcome to join the Ledger team and earn from the Bounty program. You can review the Bounty issues by visiting the Ortelius GitHub Repo.
Along with 5 other CDF projects, Ortelius’s open source community participated in the yearly Hacktoberfest event. The team completed 23 pull requests, got lots of documentation completed and tied up many loose ends. Thank you to DigitalOcean for hosting this amazing event every year to encourage people from all over the globe to contribute to open source. Read the Ortelius 2022 Hacktoberfest Wrapup here.
Each year, the Ortelius community creates ways for individuals to earn Ambassador badges. Blogging is part of the Ambassador program. To that end, from February 1 through April 15, Ortelius runs their Winter/Spring BlogAThon. Anyone can submit a Blog on any relevant topic. There is still time to participate. If you have never submitted a blog to an open-source community, learn the steps and start earning your Ortelius Ambassador badge.
Meet the Ortelius Team at a Conference in 2023
Ortelius has a very busy schedule for 2023. The Ortelius contributors will be participating in the Open Source Summit NA, cdCon and OpenSSF days in Vancouver, Canada from May 8–11. In addition, some of the team will be presenting at JFrog’s SwampUp to be held on May 11 in San Jose.
Catch up with Tracy Ragan, Steve Taylor, Garima Bajpai and others during this week of learning and networking.
May 8: cdCon
11:30 – Learn New Ways of Tracking Security and DevOps Intelligence with Ortelius
Speaker: Tracy Ragan
3:30 – The Continuous Delivery Paradox – Balancing Value with Speed Panel
Speaker: Garima Bajpai
May 10: Open Source Summit
10:00 – Keynote New Tools for Securing Open Source
Speaker: Tracy Ragan
May 10: OpenSSF Days
12:05 – What’s new in the world of SBOMs Panel
Speaker: Tracy Ragan
1:20 – It’s time to harden the DevOps Pipeline with Security
Speaker: Steve Taylor
Ortelius 2023 Project Road Map
The Ortelius Architecture team has finalized the new 2023 Ortelius Architecture. The new design will update the UI and modernize the backend architecture to be a pure microservice implementation. The new architecture includes an immutable ledger for historical SBOM tracking as well as a potential integration with a Universal Object Reference, or extended OCI registry.
The Ortelius open-source community is an inclusive and diverse project offering many ways to participate. From coding to blogs and presentations, there is something for every skill level. If you are an experienced coder, you can get involved in building the new ledger-based architecture. If you want to work on your writing and presentation skills, the community has your back. Consider joining Ortelius. It is easy to do. Just add yourself to the Ortelius Google Group and you will get all of the details to get involved. You can learn more about Ortelius at Ortelius.io.