Skip to main content

Welcome to Kusari

Look beneath the surface for full context into every level of your open source code and its dependencies, without the noise. Know your software, fix what matters, and prove you're in control.

Getting Started

Kusari offers two powerful products to secure your software supply chain:

Kusari Inspector: Automated security analysis in developer workflows

Catch security issues early by automatically analyzing pull requests and merge requests. Inspector evaluates dependencies, licenses, vulnerabilities, and workflows to provide actionable recommendations before code is merged.

Quick Start:

GitHub users: Install the GitHub App for automated PR analysis (recommended)
GitLab users: Add Inspector to your GitLab pipeline
CLI users: Run security scans locally or in any CI/CD environment

Learn more about Inspector →

Kusari Platform: Security that sees the full software supply chain

Upload and manage Software Bill of Materials (SBOMs) to gain visibility into your dependencies, track vulnerabilities, and maintain compliance across your software portfolio.

Quick Start:

Generate SBOMs for your applications
Upload SBOMs using your CI/CD pipeline or the Kusari CLI
Monitor vulnerabilities and get notified of issues

Learn more about Platform →

Integrations

Kusari integrates seamlessly with your existing workflows:

Source Control

GitHub

Automated pull request analysis with inline comments and status checks

GitLab

Merge request analysis in GitLab CI/CD pipelines

CLI

Command-line tool for local analysis and CI/CD pipelines

View all source control integrations →

CI/CD

GitHub Action

Automated SBOM upload via GitHub Actions workflow

GitLab CI/CD

GitLab pipeline integration for SBOM upload

CircleCI

CircleCI pipeline integration for SBOM upload

Azure DevOps

Azure Pipelines integration for SBOM upload

Bitbucket Pipelines

Bitbucket CI/CD integration

TeamCity

TeamCity build configuration for SBOM upload

Jenkins

Jenkins pipeline integration for SBOM upload

Kusari CLI

Core command-line tool for any CI/CD environment

View all CI/CD integrations →

Notifications & Ticketing

Slack

Send vulnerability alerts to Slack channels

Microsoft Teams

Post rich Adaptive Cards to Teams channels via Power Automate

Webhooks

Integrate with services that support webhooks

Jira

Automatically create Jira tickets for vulnerabilities

ServiceNow

Generate ServiceNow incidents from webhook events

View all integrations →

If you have questions that aren't answered in this documentation, please let us know!

Getting Started
- Kusari Inspector: Automated security analysis in developer workflows
- Kusari Platform: Security that sees the full software supply chain
Integrations