Codenotary First to Provide Search Capability for Software Artifacts and SBOMs

HOUSTON--(BUSINESS WIRE)--Codenotary, leaders in software supply chain protection, today announced that the company’s leading product, Trustcenter v3.0, is the first to add a pervasive search capability to find software artifacts that may present problems, along with their change history including the runtime of a container.

Until now, organizations with millions or billions of artifacts had no way to efficiently sift through all their software code when a new problem is identified – sometimes taking months to identify and resolve vulnerabilities. Codenotary’s Trustcenter enables quick ad hoc querying of the status of a single or multiple artifacts and their change history, either from a command line tool or from a graphical user interface.

“We are making Software Bill of Materials (SBOMs) actionable. Without search, SBOMs and code signing information is not very useful,” said Dennis Zimmer, co-founder and chief technology officer at Codenotary. “Deep search capability can be used as part of an organization's compliance, auditing, and forensics activity to maintain a secure software supply chain. It can reduce the time to identify and resolve issues from months to minutes.”

Codenotary’s Trustcenter v3.0 can be used to secure all stages of a CI/CD (continuous integration/continuous delivery) pipeline. With attestation (notarization and authentication) of every step in the pipeline, that includes vulnerability scanner results, and evidence maintained in a tamper-proof and immutable service, makes it possible to reach and track Level 1 up to 4 of the SLSA (Supply-chain Levels for Software Artifacts) standard.

Codenotary provides tools for notarization and verification of the software supply chain attesting to the provenance and safety of the artifacts. The company provides an indelible solution for processing millions of transactions per second, on-premises or in the cloud, and with cryptographic verification. It gives DevOps a way to generate and attach and link an actionable SBOM for software artifacts that include source code, builds, repositories, and more, plus container images for their software. Trustcenter is the first to track changes in a SBOM during the runtime of a container.

Storing all of this in an immutable database is key to making this information trusted and usable for compliance, audits, and forensics. Codenotary is the primary maintainer of immudb, the first and only open source enterprise-class immutable database with data permanence at scale for demanding applications -- up to billions of transactions per day. There have been more than 15 million downloads of immudb to date, which serves as the foundation for the company’s supply chain security products.

As a resource for anyone wanting to learn more about SBOMs, Codenotary maintains an informational site with up-to-date information on SBOM and other supply chain protection subjects, https://thesbom.com.

About Codenotary

With hundreds of customers that includes top three banks in the U.S. and Europe, Codenotary brings easy to use trust and integrity into the software lifecycle by providing end-to-end cryptographically verifiable tracking and provenance for all artifacts, actions, and dependencies. Codenotary can be set up in minutes and can be fully integrated with modern CI/CD platforms. It is the only immutable and client-verifiable solution available that is capable of processing millions of transactions a second. With the Codenotary tamper-proof bill of materials, users can instantly identify untrusted components in their software builds. For more information, go to https://www.codenotary.com.