Virtualization Technology News and Information
Codenotary First to Provide Search Capability for Software Artifacts and SBOMs
Codenotary announced that the company's leading product, Trustcenter v3.0, is the first to add a pervasive search capability to find software artifacts that may present problems, along with their change history including the runtime of a container.

Until now, organizations with millions or billions of artifacts had no way to efficiently sift through all their software code when a new problem is identified - sometimes taking months to identify and resolve vulnerabilities. Codenotary's Trustcenter enables quick ad hoc querying of the status of a single or multiple artifacts and their change history, either from a command line tool or from a graphical user interface.

"We are making Software Bill of Materials (SBOMs) actionable. Without search, SBOMs and code signing information is not very useful," said Dennis Zimmer, co-founder and chief technology officer at Codenotary. "Deep search capability can be used as part of an organization's compliance, auditing, and forensics activity to maintain a secure software supply chain. It can reduce the time to identify and resolve issues from months to minutes."

Codenotary's Trustcenter v3.0 can be used to secure all stages of a CI/CD (continuous integration/continuous delivery) pipeline. With attestation (notarization and authentication) of every step in the pipeline, that includes vulnerability scanner results, and evidence maintained in a tamper-proof and immutable service, makes it possible to reach and track Level 1 up to 4 of the SLSA (Supply-chain Levels for Software Artifacts) standard.

Codenotary provides tools for notarization and verification of the software supply chain attesting to the provenance and safety of the artifacts. The company provides an indelible solution for processing millions of transactions per second, on-premises or in the cloud, and with cryptographic verification. It gives DevOps a way to generate and attach and link an actionable SBOM for software artifacts that include source code, builds, repositories, and more, plus container images for their software. Trustcenter is the first to track changes in a SBOM during the runtime of a container.

Storing all of this in an immutable database is key to making this information trusted and usable for compliance, audits, and forensics. Codenotary is the primary maintainer of immudb, the first and only open source enterprise-class immutable database with data permanence at scale for demanding applications -- up to billions of transactions per day. There have been more than 15 million downloads of immudb to date, which serves as the foundation for the company's supply chain security products.

As a resource for anyone wanting to learn more about SBOMs, Codenotary maintains an informational site with up-to-date information on SBOM and other supply chain protection subjects,

Published Wednesday, October 19, 2022 1:49 PM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<October 2022>