Kusari Brings Enterprise-Grade AI Code Review & Dependency Management to CNCF and OpenSSF Communities

Kusari Inspector is now free to CNCF and OpenSSF projects, delivering AI-powered dependency, license and security intelligence right in developer pull requests

Kusari, a leading innovator in software supply chain security, today announced partnerships with the Cloud Native Computing Foundation (CNCF) and the Open Source Security Foundation (OpenSSF) to make Kusari Inspector available free of charge to CNCF and OpenSSF open source projects.

We built Kusari Inspector to deliver advanced security inside developer workflows. Now maintainers can make confident, informed decisions about contributions without becoming security specialists.”

— Michael Lieberman, Kusari Co-Founder and CTO

Open source software underpins more than 90% of modern applications, and project maintainers are stretched thin by the deluge of AI-generated contributions. Plus, most maintainers are not security experts, nor should they have to be, to know what’s risky.

Kusari Inspector is an AI-powered code review and dependency analysis tool that delivers clear go/no-go recommendations via CLI or directly in GitHub pull requests. By surfacing context-aware guidance before changes are merged, Kusari Inspector enables maintainers and contributors to catch and remediate code, dependency, and license compliance risks without slowing development. Open source projects already adopting Kusari Inspector include Gemara, GitTUF, GUAC, in-toto/Witness, OpenVEX, Protobom and Supply-chain Levels for Software Artifacts (SLSA).

Also Read: AiThority Interview with Glenn Jocher, Founder & CEO, Ultralytics

“Open source maintainers are balancing an ever-expanding set of responsibilities, and most of them didn’t sign up to be security experts,” said Michael Lieberman, Kusari Co-Founder and CTO. “We built Kusari Inspector to close the gap; delivering advanced security directly inside developer workflows and automating manual risk mitigation tasks. Now maintainers can make confident, informed decisions about contributions without becoming security specialists. Making it available to CNCF and OpenSSF projects is a natural extension of our commitment to the open source ecosystem.”

“The real breakthrough in securing the software supply chain is recognizing that dependency management—especially with the rise of AI-driven contributions—is a fundamentally cloud native challenge,” said Jonathan Bryce, executive director of CNCF. “Kusari Inspector delivers a key, automated layer to this process. It helps our contributors ensure projects remain secure while maintaining the high development velocity that our community demands.”

“OpenSSF has a long history of collaboration with Kusari—from the contribution of GUAC to maintaining OpenSSF Baseline and several upstream initiatives that deliver practical guidance,” said Steve Fernandez, GM of OpenSSF. “Making Kusari Inspector available to our projects helps translate that guidance into actionable security within real-world development workflows.”

The team will showcase Kusari innovations and open source initiatives to attendees at this week’s KubeCon + CloudNativeCon Europe 2026 in Amsterdam at Stand #1141. Maintainers can get started immediately with the Kusari CLI or GitHub App.

Also Read: ​​The Infrastructure War Behind the AI Boom

[To share your insights with us, please write to psen@itechseries.com]