Kusari, a software supply chain security startup, has announced the release of the Kusari Platform. By ingesting Software Bill of Materials (SBOM) data – a list of all software components – the platform presents a timeline of the software to identify where impacts are likely to surface. In creating a single source of truth, Kusari is helping security, engineering, legal, finance, and regulatory teams gain visibility into their software, so they can quickly detect vulnerabilities, identify open source licensing issues, and conduct compliance checks.
“Kusari takes a proactive approach to security, focusing on understanding the software development lifecycle and correlating data to identify and address issues before they have an impact,” said Tim Miller, CEO & Co-Founder of Kusari. “While companies are currently focused on scanning for issues after the build or simply storing their SBOMs, our platform helps them augment, track, correlate, distill, and use that data to see exactly what is happening and make decisions across their software ecosystem.”
Kusari helps organizations gain visibility into the following areas:
- Vulnerabilities: With Kusari’s timeline view, security teams can easily attribute the current vulnerability path so remediated vulnerabilities don’t get lost as new ones arise. Kusari also helps them know in minutes, rather than weeks or months, whether they are affected by a breach and to what degree, so they can quickly move to a plan for the fix. Out of the box, the platform ranks and prioritizes issues, giving security teams context for decision making.
- Licensing: Every piece of open source software has unique licensing requirements. By tracking licensing information and integrating with ClearlyDefined, part of the Open Source Initiative, Kusari provides accurate information on open-source licensing, helping organizations understand the legal implications of the software they use.
- Compliance: Companies face new regulations requiring them to have SBOMs for their software, such as CISA’s Secure Software Development Attestation Form, Executive Order 14028, the Federal Drug Administration’s updated provisions for medical device cybersecurity, and the Cyber Resilience Act. As more regulations arise, Kusari helps organizations prove that they understand what is happening in their software and that they are meeting regulatory requirements.
The Kusari Platform builds upon the open source software Graph for Understanding Artifact Composition (GUAC), which Kusari co-created and contributed to the OpenSSF. GUAC provides the ability to ingest software metadata like SBOMs, and Kusari adds easy-to-use dashboards that show when vulnerabilities, license information, and version changes occurred, providing better visibility and actionable insights.
The launch of Kusari’s new platform follows the company’s recent announcement of $8 million in combined Pre-Seed and Seed Round funding.






