Kusari is partnering with the Open Source Security Foundation (OpenSSF) to offer Kusari Inspector free of charge to OpenSSF projects. The tool helps maintainers map dependencies, identify transitive risks, detect gaps in attestations and provenance, and integrate security checks directly into pull requests. Projects like GUAC, SLSA, in-toto/Witness, and others are already adopting it. The partnership aims to shift open source security from reactive incident response to proactive, workflow-integrated prevention — particularly important as AI-generated code becomes more common in open source development.