Kusari Unlocks Enterprise-Grade AI Security For Open Source


Kusari makes its AI-driven code review and dependency security tool free for CNCF and OpenSSF projects, aiming to ease maintainer burden and secure the open source supply chain amid rising AI-generated code.

Kusari has partnered with the Cloud Native Computing Foundation and the Open Source Security Foundation to make its AI-powered tool, Kusari Inspector, available free of charge to open source projects under both ecosystems.

Kusari Inspector delivers AI-driven code review and dependency analysis, offering dependency intelligence, licence compliance checks, and security risk insights. It provides clear go/no-go recommendations via CLI and directly within GitHub pull requests, enabling early risk detection and faster remediation without slowing development workflows.

The move targets a growing challenge in open source. With over 90% of modern applications relying on open source software, maintainers are increasingly overwhelmed by AI-generated contributions and often lack specialised security expertise. Managing dependencies, compliance, and vulnerabilities at scale has become a critical bottleneck.

“Open source maintainers are balancing an ever-expanding set of responsibilities, and most of them didn’t sign up to be security experts,” said Michael Lieberman. “We built Kusari Inspector to close the gap; delivering advanced security directly inside developer workflows and automating manual risk mitigation tasks. Now maintainers can make confident, informed decisions about contributions without becoming security specialists. Making it available to CNCF and OpenSSF projects is a natural extension of our commitment to the open source ecosystem.”

The tool is already in use across projects including Gemara, GitTUF, GUAC, in-toto/Witness, OpenVEX, Protobom, and SLSA, reinforcing its role in strengthening software supply chain security within cloud-native and AI-driven development environments.
