Codenotary announced that the company's flagship product, Trustcenter,
now offers the first integrated solution to support always
up-to-date background scanning for any artifact, build, or software
stack.

Until now, organizations' codebases were protected only at the time of
each scan, still leaving them in a somewhat vulnerable position.
Trustcenter scans continuously in the background based on the latest,
up-to-the-minute threat intelligence from multiple sources. Once a
vulnerability is detected, Codenotary will immediately flag the
offending component and provide an alert with different options
available for remediation.

"We understand the complexities many companies face when running
vulnerability scans and we know that because of this in many cases
organizations forgo regular scanning, leaving them vulnerable," said
Dennis Zimmer, co-founder and chief technology officer, Codenotary. "But
we all know better and the potential risks and costs are high without
continuous scanning. Codenotary now makes scanning simple to run by
automating the process and then makes that information actionable."

Trustcenter provides an end-to-end trusted software supply chain with integrity and
authenticity. It can be scaled to millions of integrity verifications
per second and gives developers a way to attach a tamper-proof Software Bill of Materials (SBOM) for
development artifacts that include source code, builds, repositories,
and more, plus Docker container images for their software and Kubernetes
deployments. The SBOM can make those instantly visible to customers,
auditors and compliance professionals. It is built without uploading any
data to the service, and notarizes software artifacts using
tamper-proof cryptographic verification to uniquely identify them. Each
artifact retains a cryptographically strong identity stored inside immudb, the open source immutable database developed by Codenotary.

With Trustcenter, it's possible to maintain trust status at the level of each
individual artifact at scale. Codenotary provides tools for
notarization and verification of the software development lifecycle,
attesting to the provenance and safety of the code.