Codenotary announced that the company’s flagship product, Trustcenter, now offers the first integrated solution to support an always up-to-date background scanning for any artifact, build, or software stack.
Until now, the safety of organizations’ codebases was only protected during each scan, still leaving them in a somewhat vulnerable position. Trustcenter scans continuously in the background based on the latest, up-to-the-minute threat intelligence from multiple sources. Once a vulnerability is detected, Codenotary will immediately flag the offending component and provide an alert with different options available for remediation.
“We understand the complexities many companies face when running vulnerability scans and we know that because of this in many cases organizations forgo regular scanning, leaving them vulnerable,” said Dennis Zimmer, co-founder and chief technology officer, Codenotary. “But we all know better and the potential risks and costs are high without continuous scanning. Codenotary now makes scanning simple to run by automating the process and then makes that information actionable.”
Trustcenter provides an end-to-end trusted software supply chain with integrity and authenticity. It can be scaled to millions of integrity verifications per second and gives developers a way to attach a tamper-proof Software Bill of Materials (SBOM) for development artifacts that include source code, builds, repositories, and more, plus Docker container images for their software and Kubernetes deployments. The SBOM can make those instantly visible to customers, auditors and compliance professionals.
It is built without uploading any data to the service, and notarizes software artifacts using tamper-proof cryptographic verification to uniquely identify those. Each artifact retains a cryptographically strong identity stored inside immudb the open source immutable database developed by Codenotary.
With Trustcenter it’s possible to maintain trust status at the level of each individual artifact at scale. Codenotary provides tools for notarization and verification of the software development lifecycle attesting to the provenance and safety of the code.