New version adds vulnerability scanning, code signing, and enforcement capabilities
Codenotary, leaders in software supply chain security, today announced new features in Codenotary Cloud that provide the first all-in-one, end-to-end software supply chain security and DevSecOps.
“It is immutable and tamper-proof providing users with full trust in the essential software they rely on to run their businesses. That is not trivial in today’s world where software supply chain attacks like log4j and SolarWinds have had far-reaching consequences.”
This latest version includes Codenotary’s own vulnerability scanning, in addition to the ability to integrate with other vulnerability scanners, which means Codenotary Cloud now provides assurance of a fully-trusted, tamper-proof software supply chain – from checking for vulnerabilities to cryptographic verification and ensuring the provenance of software artifacts and then tracking those in inventory in a Software Bill of Materials (SBOM). In addition, further enhancements have been made to Codenotary Cloud capabilities including extending the existing trust/untrust functionality to now allow policy enforcement that provides full protection in DevOps deployments.
Codenotary Cloud, first announced last month, reduces the cost to almost instantly identify and remove unwanted artifacts by up to 80% and delivers compliance with the U.S. Executive Order on Improving the Nation’s Cybersecurity.
“Our cloud service delivers simplicity combined with the industry’s most sophisticated capabilities for assuring a secure software supply chain,” said Moshe Bar, co-founder and CEO, Codenotary. “It is immutable and tamper-proof providing users with full trust in the essential software they rely on to run their businesses. That is not trivial in today’s world where software supply chain attacks like log4j and SolarWinds have had far-reaching consequences.”
Read More: Konsolidator Releases Self-Onboarding
Codenotary Cloud provides an end-to-end trusted software supply chain with integrity and authenticity. It can be scaled to millions of integrity verifications per second and gives developers a way to attach a tamper-proof SBOM for development artifacts that include source code, builds, repositories, and more, plus Docker container images for their software and Kubernetes deployments. The SBOM can make those instantly visible to customers, auditors and compliance professionals. It is built without uploading any data to the service, instead notarizing these artifacts using tamper-proof cryptographic verification to uniquely identify development artifacts. Each artifact retains a cryptographically strong identity stored inside immudb the open source immutable database developed by Codenotary.