Kusari
Kusari — Open-source software supply chain security platform generating and verifying SBOM provenance metadata.
Our Verdict
Interesting bet for supply-chain-security teams who like open source — not a plug-and-play GRC purchase.
Pros
- Open-source foundation for SBOM and provenance
- Verifies SLSA provenance of build artifacts
- Supply chain visibility across CI/CD pipelines
- Aligned with emerging US federal SBOM requirements
Cons
- Early-stage product with evolving feature set
- Requires engineering effort to integrate into pipelines
- Smaller team and community than OSS security incumbents
- Business model and pricing still maturing
Best for: Platform teams building secure software supply chains from scratch
Not for: Compliance buyers who want a turnkey SOC 2 or FedRAMP tool
When to Use Kusari
Good fit if you need
- SBOM generation and signing for software supply chain
- SLSA provenance attestation for CI/CD pipeline artifacts
- Open-source dependency integrity verification via GUAC
- Supply chain risk scoring for enterprise vendor assessment
- Software attestation for NIST SSDF and EO 14028 compliance
Lock-in Assessment
Lock-in Score: 3/5 (Medium)
Data Portability: api_only
Pricing
Kusari Pricing
- Pricing Model: custom
- Free Tier: No
- Entry Price: —
- Enterprise Available: No
- Transparency Score: —
Beta — estimates may differ from actual pricing
- Estimated Monthly Cost: $25
- Estimated Annual Cost: $300
Estimates are approximate and may not reflect current pricing. Always check the official pricing page.