Kusari Brings Enterprise-Grade AI Code Review & Dependency Management to CNCF and OpenSSF Communities

Kusari Inspector is now free to all CNCF and OpenSSF projects, delivering AI-powered dependency, license and security intelligence right in developer pull requests

RIDGEFIELD, Conn. & AMSTERDAM — KUBECON EU Stand #1141 —  Kusari, a leading innovator in software supply chain security, today announced partnerships with the Cloud Native Computing Foundation (CNCF) and the Open Source Security Foundation (OpenSSF) to make Kusari Inspector available free of charge to CNCF and OpenSSF open source projects.

Open source software underpins more than 90% of modern applications, and project maintainers are stretched thin by the deluge of AI-generated contributions. Plus, most maintainers are not security experts, nor should they have to be, to know what’s risky.

Kusari Inspector is an AI-powered code review and dependency analysis tool that delivers clear go/no-go recommendations via CLI or directly in GitHub pull requests. By surfacing context-aware guidance before changes are merged, Kusari Inspector enables maintainers and contributors to catch and remediate code, dependency, and license compliance risks without slowing development. Open source projects already adopting Kusari Inspector include Gemara, GitTUF, GUAC, in-toto/Witness, OpenVEX, Protobom and Supply-chain Levels for Software Artifacts (SLSA).

“Open source maintainers are balancing an ever-expanding set of responsibilities, and most of them didn’t sign up to be security experts,” said Michael Lieberman, Kusari Co-Founder and CTO. “We built Kusari Inspector to close the gap; delivering advanced security directly inside developer workflows and automating manual risk mitigation tasks. Now maintainers can make confident, informed decisions about contributions without becoming security specialists. Making it available to CNCF and OpenSSF projects is a natural extension of our commitment to the open source ecosystem.”

“The real breakthrough in securing the software supply chain is recognizing that dependency management—especially with the rise of AI-driven contributions—is a fundamentally cloud native challenge,” said Jonathan Bryce, executive director of CNCF. “Kusari Inspector delivers a key, automated layer to this process. It helps our contributors ensure projects remain secure while maintaining the high development velocity that our community demands.”

“OpenSSF has a long history of collaboration with Kusari—from the contribution of GUAC to maintaining OpenSSF Baseline and several upstream initiatives that deliver practical guidance,” said Steve Fernandez, GM of OpenSSF. “Making Kusari Inspector available to our projects helps translate that guidance into actionable security within real-world development workflows.”

The team will showcase Kusari innovations and open source initiatives to attendees at this week’s KubeCon + CloudNativeCon Europe 2026 in Amsterdam at Stand #1141. Maintainers can get started immediately with the Kusari CLI or GitHub App.

About Kusari

Kusari delivers end-to-end software supply chain security, helping organizations understand, secure, and manage risk across everything they build without friction. Powered by comprehensive SBOM analysis, Kusari provides a unified, highly accurate view of direct and transitive dependencies, vulnerabilities, and license risks across open source, AI-generated, and third-party code. Kusari is active in the open source security ecosystem, as a co-creator of GUAC (Graph for Understanding Artifact Composition) and contributor to several CNCF and OpenSSF initiatives. Founded by cybersecurity experts with deep experience in regulated industries, the company is backed by J2 Ventures, Glasswing Ventures, and Unusual Ventures.

Media Contact:

Jennifer Pospishek

pr_hotline@kusari.dev

408.839.2054