Community Attestation Service addresses need for integrated, continuous security for developers
HOUSTON, May 11, 2022--(BUSINESS WIRE)--Codenotary, leaders in software supply chain security, today announced the addition of the first-ever free background vulnerability scanning service combined with a free and open source Community Attestation Service (CAS) code signing and attestation service to further secure open source supply chains.
Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021. The addition of a free vulnerability service to CAS allows cloud native and open source projects to better secure their projects. This additional service scans assets (based on the hashes uploaded) for any known security vulnerability and provides alerts if problematic packages are found in the stack. CAS can also be used to "untrust" any problematic artifacts.
"This is especially unique – a totally free code integrity service that integrates automated, continuous and self-updating vulnerability scanning, delivering alerts when it finds issues," said Dennis Zimmer, co-founder and chief technology officer, Codenotary. "Users of open source software – and that is pretty much everyone – have a free and easy way to ensure the security of their software supply chain which addresses a big and growing problem."
Codenotary is the primary maintainer of immudb, the first and only open source enterprise-class immutable database with data permanence at scale for demanding applications -- up to billions of transactions per day. Codenotary uses immudb to underpin its notarization and verification product. There have been more than 12 million downloads of immudb.
Codenotary provides tools for cataloging and trusting components of the software development lifecycle which help attest to the origin and safety of the code. The company further enhances this core functionality by providing an additional tamper-proof layer which processes and stores millions of transactions per second, on-premises or as a cloud service, and with cryptographic verification. It gives developers a way to attach a Software Bill of Materials (SBOM) for development artifacts that include source code, builds, repositories, and more, plus Docker and Kubernetes container images for their software.
With over 100 customers that includes top three banks in the U.S. and Europe, Codenotary brings easy to use trust and integrity into the software lifecycle by providing end-to-end cryptographically verifiable tracking and provenance for all artifacts, actions, and dependencies. Codenotary can be set up in minutes and can be fully integrated with modern CI/CD platforms. It is the only immutable and client-verifiable solution available that is capable of processing millions of transactions a second. With the Codenotary tamper-proof bill of materials, users can instantly identify untrusted components in their software builds. . For more information, go to https://www.codenotary.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20220511005104/en/
Joe Eckert for Codenotary