Visiting KubeCon North America? See us at Booth # 752

Recognition Meets Real-World Detection

April 9, 2026

Lewes, DE – April 1, 2026 - CleanStart today announced two major milestones in the open source security ecosystem: it has been recognized as an official data contributor to OSV.dev and has achieved native support in OSV Scanner, a widely used vulnerability scanning tool maintained by Google.

Together, these milestones position CleanStart as a security-transparent, production-ready container distribution aligned with the global vulnerability intelligence ecosystem.

Recognition Meets Real-World Detection

OSV.dev is widely regarded as the industry standard for publishing and consuming open source vulnerability data. It powers vulnerability detection across platforms such as GitHub Security and integrates with tools used by enterprises worldwide.

With this recognition, CleanStart joins a select group of contributors including Microsoft, GitHub, Red Hat, and Canonical.

OSV.dev contributor status is not a partnership badge. It is earned, reflecting that CleanStart’s vulnerability data meets the quality and consistency standards required for global, machine-consumable security intelligence.

In parallel, OSV Scanner support ensures that this data is automatically consumed in real-world scanning workflows, without requiring additional configuration.

What Was Delivered

CleanStart’s security advisories are now:

  • Published on OSV.dev and publicly verifiable
  • Automatically consumed by the scanning ecosystem
  • Natively supported by OSV Scanner for accurate detection

Through contributions to Google’s open-source repositories, OSV Scanner can identify CleanStart containers and map installed packages directly against CleanStart’s advisory database in real time.

By the Numbers

  • 500+ published security advisories and growing
  • Daily automated updates for real-time vulnerability intelligence
  • Proprietary advisory format (CLEANSTART-YYYY-XXXXX) for full traceability
  • Public ecosystem visibility via OSV.dev

Why This Matters for Enterprises

Security Transparency

Every vulnerability affecting CleanStart images is publicly documented and independently verifiable.

Scanner Compatibility

CleanStart advisories are automatically consumed by tools such as Grype, Trivy, and OSV Scanner, ensuring consistent detection across environments.

Compliance Readiness

Security and procurement teams can independently validate CleanStart’s vulnerability management posture using publicly available data.

Vendor Trust Signal

OSV.dev recognition provides external validation of CleanStart’s security practices, moving beyond vendor claims to ecosystem-level accountability.

Foundation for Broader Adoption

With standardized vulnerability data and native scanner support in place, CleanStart establishes a foundation for integration across commercial platforms such as Prisma Cloud, Wiz, and Snyk.

This enables seamless adoption within enterprise security stacks without requiring custom integrations.

Competitive Positioning

Participation in OSV.dev is limited to organizations that actively contribute high-quality vulnerability data.

Distributions such as Alpine Linux, Ubuntu, and vendors like Red Hat are part of this ecosystem.

With these milestones, CleanStart now operates on equal footing within the global vulnerability disclosure landscape. Many container image providers do not contribute to OSV.dev, limiting transparency and independent verification, making this a clear point of differentiation.

About CleanStart

CleanStart provides trusted software foundations for modern infrastructure by building verifiable container images from verified sources using reproducible, hermetic build pipelines. Founded by Nilesh Jain, Vijendra Katiyar and Biswajit De, each with more than 2 decades in global cybersecurity leadership, CleanStart helps organizations reduce risk, secure their software supply chain, and maintain continuous trust from build to runtime across environments.
