Open Delivery Gear
Compliance does not live next to software. Instead, it is an integral part of it.
Open Delivery Gear (ODG) integrates compliance into the software lifecycle through automated scanning, tracking, and reporting of security findings, vulnerabilities, and compliance issues for your OCM components.
What is ODG?
Open Delivery Gear is a comprehensive compliance automation platform that:
Scans OCM components for vulnerabilities, license compliance, and security issues
Tracks findings throughout the component lifecycle with configurable processing times
Replicates issues to GitHub for visibility and workflow integration
Generates SBOMs (Software Bill of Materials) for transparency and compliance
Manages responsibles by automatically assigning findings to the right teams
Key Features
Continuous scanning of OCI images, source code, and runtime artefacts using industry-standard tools like BDBA, ClamAV, and Syft.
Centralized view of all findings with filtering, sorting, and drill-down capabilities to understand your security posture.
Automatic creation, updating, and closing of GitHub issues based on finding state and processing times.
Intelligent assignment of findings to component owners and teams based on configurable rules and strategies.
Getting Started
Note
New to ODG? Start here to understand the fundamentals and how to run and extend it.
A guided learning journey, starting with OCM fundamentals and ending with running and extending ODG.
Concepts
Deep-dive into ODG architecture, data models, and how extensions work
How-to Guides
Step-by-step instructions for common tasks and workflows
Tutorials
Guided lessons to learn ODG by doing
References
Technical specifications, API documentation, and configuration references
Additional Resources
Source code, issues, and contributions
Core service implementation
Learn about OCM
Note
This documentation is organised using the Diataxis framework:
Getting Started: Introduction and orientation for new users
Tutorials: Learning-oriented lessons
How-to Guides: Problem-oriented, goal-focused instructions
Concepts: Understanding-oriented explanations
References: Information-oriented technical descriptions