
Codenotary Cloud Secures Software Supply Chain and DevSecOps

Codenotary adds vulnerability scanning and more to its Codenotary Cloud end-to-end software supply chain security service.
Mar 17th, 2022 7:47am by

Software supply chain security has always been an issue. Until recently, though, we weren’t that aware of it; the SolarWinds software supply chain fiasco changed that, and we now know it’s a big deal. So, when Codenotary announced new features in Codenotary Cloud, a top end-to-end software supply chain security service, it was worth paying attention to.

This builds on the Codenotary Community Attestation Service, an open source notarization and verification service. It can work with continuous integration/continuous delivery (CI/CD) services to produce reliable software bills of materials (SBOMs).

Vulnerability Scanning

In this latest version, Codenotary’s vulnerability scanning is incorporated into the service. You can also integrate Codenotary Cloud with other vulnerability scanners. This enables you to present customers with a secure, tamper-proof software supply chain for your SBOMs. Other Codenotary Cloud trust enhancements enable programs covered by its protection to be used more easily in DevOps and Kubernetes deployments.

This tamper-proof SBOM covers development artifacts: source code, builds, repositories, Docker container images, and more. Each such artifact retains a cryptographically strong identity stored inside immudb, the open source immutable database. All of these can be verified at a rate of millions of checks per second.

Lower Cost, Greater Compliance

Codenotary claims that this new and improved Codenotary Cloud greatly reduces the cost to quickly identify and remove unwanted artifacts by up to 80%. The company also states that it can satisfy the needs of businesses that require compliance with the U.S. Executive Order on Improving the Nation’s Cybersecurity.

“Our cloud service delivers simplicity combined with the industry’s most sophisticated capabilities for assuring a secure software supply chain,” said Moshe Bar, Codenotary co-founder and CEO. “It is immutable and tamper-proof providing users with full trust in the essential software they rely on to run their businesses. That is not trivial in today’s world where software supply chain attacks like log4j and SolarWinds have had far-reaching consequences.”

So, today, Codenotary Cloud can be integrated with many popular CI/CD systems. The DevOps attestation service runs on any cloud or host, either as a managed service or self-hosted by customers. Pricing starts at $5,500 for a workgroup of 10 developers.

Is it worth checking out to see if it would work for you? I certainly think so. Securing code and being able to know what’s what in a program with a trustworthy SBOM is no longer just a nice feature, but a security essential for today’s IT users.

TNS owner Insight Partners is an investor in: Docker.