Codenotary announced Codenotary Cloud, an inexpensive way to determine where a vulnerability, such as Log4j, exists.
Codenotary Cloud reduces the cost to almost instantly identify and remove unwanted artifacts by up to 80% and delivers compliance with the U.S. Executive Order on Improving the Nation’s Cybersecurity.
“A vulnerability scan tells you a malware is present, but then the problem is you need to find all the places it exists and that can often take weeks or months,” said Moshe Bar, co-founder and CEO, Codenotary. “With Codenotary Cloud, it’s possible to do that in seconds – with the ability to create, track, and query your software including the Software Bill of Materials (SBOM).”
Codenotary Cloud provides an end-to-end trusted software supply chain with integrity and authenticity. It can be scaled to millions of integrity verifications per second and gives developers a way to attach a tamper-proof SBOM for development artifacts that include source code, builds, repositories, and more, plus Docker container images for their software and Kubernetes deployments. The SBOM can make those instantly visible to customers, auditors and compliance professionals.
It is built without uploading any data to the service, instead notarizing these artifacts using tamper-proof cryptographic verification to uniquely identify development artifacts. Each artifact retains a cryptographically strong identity stored in Codenotary’s immutable database, immudb.
With Codenotary Cloud it’s possible to maintain trust status at the level of each individual artifact at scale. Codenotary Cloud provides tools for notarization and verification of the software development lifecycle attesting to the provenance and safety of the code.
Codenotary Cloud can be fully integrated with most vulnerability scanners and popular cloud-native continuous integration/continuous delivery (CI/CD) systems. The DevOps attestation service runs on any cloud or host as a managed service or customers can host themselves. Pricing starts at $5,500 for a workgroup of 10 developers.