If you are using ORT in your organization, please add your organization's name to the alphabetically sorted table below. This really helps the project to gain momentum and credibility. It is a small contribution back to the project with a big impact.
| Organization | Contact | Description of Use |
|---|---|---|
| Alliander | ospo@alliander.com | Alliander is mainly interested in the security side of the software supply chain. Alliander uses multiple tools and has evaluated even more, but currently ORT is unbeaten. ORT provides accurate and detailed scan results and allows us to define a thorough policy to use in evaluation. We are currently working to adopt ORT for thorough scans in addition to other tools. We are working with the community to get ORT running in GitHub Actions. |
| Cariad SE | oss@cariad.technology | Cariad uses ORT as the central orchestrator for end-to-end license and OSS compliance tooling with customized reports and data automation. All data produced is used by several services across the group. |
| Deutsche Telekom AG | daniel.eder@magenta.at | Deutsche Telekom is in the process of adopting ORT as part of our CI/CD chain and is working on a custom ORT reporter in our ORT fork. |
| Double Open | support@doubleopen.org | Double Open pilots in offering a SaaS solution to address Open Source compliance matters in a holistic workflow based on ORT. |
| EPAM Systems | opensource@epam.com | EPAM engineering teams can use ORT to check the licensing and security of their projects and to generate a Software Bill of Materials (SBOM). EPAM also uses ORT to help its clients with their Open Source challenges and provides a wide range of commercial support services around ORT. |
| HERE Technologies | opensource@here.com | HERE Technologies uses ORT to generate SBOMs for all its products and to manage licensing risks. |
| Porsche AG | Open_Source_Office@porsche.de | Porsche AG started using ORT in the year 2020 where we utilize ORT as a core service for FOSS Compliance and FOSS Vulnerabilities. Our approach is to run ORT as a service decentrally by logically decoupling the analyzer and scanner steps, where the Product Development Team takes the responsibility for running the analyzer and the Open Source Program Office takes the responsibility for running the scanner, curation, and report consolidation for auditing. |
| Robert Bosch GmbH | osm@bosch.com | Bosch is using ORT as a central Open-Source compliance and SBOM tool. ORT is used to assess Bosch's software products to ensure compliance regarding Open Source packages and code snippets. Additionally, the Advisor is being used for the detection of known security vulnerabilities. |
| Sovereign Cloud Stack | scs@osb-alliance.com | We are currently in the process of evaluating how to generate a complete SBOM of our stack and secure the software supply chain. We plan to use ORT to analyze our reference implementation as well as to add ORT to our recommended operator's toolset. |