Skip to main content

Ortelius

Ortelius is an open-source microservice catalog and supply chain evidence store (software supply chain management) for tracking and visualizing application components and their relationships across continuous delivery pipelines.

  • Centralizes microservice and component metadata for application mapping (configuration management)
  • Tracks software Bill of Materials (BOM) and evidence across builds and deployments (software supply chain security)
  • Provides application versioning and dependency views for distributed architectures (release management)
  • Integrates with continuous delivery workflows and tooling under the Continuous Deployment (CD) Foundation umbrella (CI/CD pipeline integration)
  • Supports team collaboration around ownership, impact analysis, and governance of microservices (DevOps collaboration)

More About Ortelius

Ortelius is an open-source project focused on solving microservice sprawl and software supply chain visibility (software supply chain management) in environments that use continuous delivery and distributed application architectures. It maintains a catalog of microservices, application components, and their relationships so that teams can understand how services assemble into applications and how changes propagate through environments. The project is hosted under the CD Foundation, which centers its work on continuous delivery practices and tooling.

At its core, Ortelius maintains a centralized microservice catalog (configuration management) that captures component definitions, versions, ownership, and deployment metadata. This catalog supports application composition views, showing how multiple services and components form versioned application releases. By tracking each component as it moves through environments, Ortelius provides a historical record of what was deployed where, and when, which is useful for audit, compliance, and troubleshooting workflows.

Ortelius incorporates software BOM (SBOM) and evidence tracking capabilities (software supply chain security). It associates Software Bill of Materials (SBOM) data and related security or compliance evidence with specific component versions. This linkage allows enterprises to connect vulnerabilities or compliance findings to concrete runtime instances and deployment targets. The project positions this evidence store as part of the broader software supply chain, aligning with industry focus on traceability and provenance from build through deployment.

In enterprise and institutional environments, Ortelius is used alongside Continuous Integration and Continuous Deployment (CI/CD) tools (CI/CD pipeline integration) to ingest deployment and build information into its catalog. As part of the CD Foundation landscape, Ortelius is designed to interoperate with continuous delivery automation, where external systems trigger updates to the catalog when new versions are built or deployed. This creates a shared System of Record (SOR) for DevOps, platform, security, and compliance teams that need a unified view of microservice changes.

From an architectural and taxonomy perspective, Ortelius belongs in categories such as microservice configuration management, software supply chain visibility, and continuous delivery metadata management. Its focus on mapping service-to-application relationships, associating SBOMs and evidence with deployable units, and maintaining deployment history targets governance and risk management needs in distributed systems. For enterprises adopting microservices and continuous delivery, Ortelius provides a catalog and evidence layer that complements existing CI/CD, observability, and security tools by supplying a structured model of what software exists, how it is assembled, and where it is running.