What is this?
CNCF and the OpenSSF have partnered with Kusari to provide Kusari Inspector — a tool for evaluating the security posture of pull requests and code repositories — to projects for free. Inspector gives full visibility into versions, licenses, and security risks for direct and transitive dependencies.
How do I sign up?
Visit https://us.kusari.cloud/signup and select the free trial. Kusari and foundation staff will ensure the full product is unlocked for all CNCF and OpenSSF GitHub orgs. If you don’t have permission to add the GitHub app to the organization/repository, ask a maintainer or the appropriate foundation staff.
What if I want to try it out before installing the GitHub app?
You can scan a GitHub pull request using the PR Scanner tool in the Kusari Console. You can also use the kusari-cli tool to scan any git diff from the terminal.
How should I use this?
Add the Kusari Inspector GitHub application to your organization/repositories to get immediate supply chain security feedback on each pull request. You should consider making the check blocking to prevent merging when Inspector finds critical issues.
Use the risk check feature to evaluate your own repository’s security practices or to evaluate your dependencies.
How do I get help?
If you have questions, feedback, or feature suggestions, please join the discussion at https://github.com/kusaridev/community/discussions.
Do I have to use this tool?
Projects are under no obligation to use Kusari Inspector. You can stop — or start — using it at any time.