Codenotary has revealed that the Trustcenter v3.0 adds a pervasive search capability to find software artifacts that may present problems, along with their change history including the runtime of a container.
Until now, organizations with millions or billions of artifacts had no way to efficiently sift through all their software code when a new problem is identified – sometimes taking months to identify and resolve vulnerabilities.
Codenotary’s Trustcenter enables ad hoc querying of the status of a single or multiple artifacts and their change history, either from a command line tool or from a graphical user interface.
“We are making Software Bill of Materials (SBOMs) actionable. Without search, SBOMs and code signing information is not very useful,” said Dennis Zimmer, co-founder and chief technology officer at Codenotary.
“Deep search capability can be used as part of an organization’s compliance, auditing, and forensics activity to maintain a secure software supply chain. It can reduce the time to identify and resolve issues from months to minutes.”, Zimmer continued.
Codenotary’s Trustcenter v3.0 can be used to secure all stages of a CI/CD (continuous integration/continuous delivery) pipeline. With attestation (notarization and authentication) of every step in the pipeline, that includes vulnerability scanner results, and evidence maintained in a tamper-proof and immutable service, makes it possible to reach and track Level 1 up to 4 of the SLSA (Supply-chain Levels for Software Artifacts) standard.
Codenotary provides tools for notarization and verification of the software supply chain attesting to the provenance and safety of the artifacts. The company provides an indelible solution for processing millions of transactions per second, on-premises or in the cloud, and with cryptographic verification.
It gives DevOps a way to generate and attach and link an actionable SBOM for software artifacts that include source code, builds, repositories, and more, plus container images for their software. Trustcenter is the first to track changes in a SBOM during the runtime of a container.
Storing all of this in an immutable database is key to making this information trusted and usable for compliance, audits, and forensics. Codenotary is the primary maintainer of immudb, the open source enterprise-class immutable database with data permanence at scale for demanding applications — up to billions of transactions per day.
There have been more than 15 million downloads of immudb to date, which serves as the foundation for the company’s supply chain security products.