Scribe Security launched evidence-based security trust hub, offering a true end-to-end software supply chain security.
In recent years, software supply chains—both open-source and proprietary CI/CD pipelines— have become more attack-prone than ever before. In 2022, Gartner listed digital supply chains as a top trend to watch and a major rising attack surface. That puts the integrity of organizations’ code, customers, and brand reputation at risk. Even one bad software component or a security gap in the CI/CD that may lead to malicious access to the development environment can be enough.
Security professionals, software engineers, and DevOps teams are challenged with building transparent, evidence-based trust in the software they use or deliver. Scribe Security took the lead and became the first vendor to introduce the concept of one, consolidated hub for security evidence for software products, launching a friendly and easy-to-use platform.
Unlike other software supply chain security solutions, Scribe’s evidence-based security hub supports a workflow for sharing SBOMs, along with other security aspects of software, across or within enterprises, making software products’ security transparent to customers, buyers, and security teams.
“SBOM is a best practice that is expected to become widely required and used to mitigate software supply chain risks. With that in mind, we decided to be the pioneers and launch a simple-to-use platform that serves as a hub for a plethora of security evidence for software products,” said Rubi Arbel, Scribe Security Co-founder, and CEO. “Scribe’s platform offers a complete self-serve experience. It is easy to implement and use, as it is plugin and CLI-based. And finally, you can start with a freemium, no strings attached.”
Scribe continuously attests to the software’s trustworthiness, so stakeholders can:
- Ensure a secure development process
- Build and enforce SDLC processes
- Validate that the code is tamper-free
- Gauge compliance to software supply chain standards such as SSDF and SLSA
“Validating software integrity is challenging,” said Danny Nebenzahl, Scribe Security Co-founder, and CTO. “Today, we introduce to the market a novel technology that offers a holistic solution for continuous and evidence-based assurance of software components and artifacts as well as CI/CD processes. We make sure that the entire software supply chain is not tampered with. With the Scribe platform, teams can generate, manage and share SBOMs, validate integrity, and track vulnerabilities of their containers, dependencies, and pipelines.”
Scribe platform key features:
- Automatically generate, and manage SBOMs and security insights
- Validate the code integrity and provenance
- Track vulnerabilities in the containers, dependencies, and pipelines
- Detect code tampering
- Continuously demonstrate compliance with supply chain regulations and best practices
- Selectively share all this, in a controlled manner, with stakeholders internally across organizations