
Codenotary Introduces Automated Software Bill of Materials for Serverless Applications

Real-time reporting capability provides new level of security for serverless applications

HOUSTON--(BUSINESS WIRE)--Codenotary, leaders in software supply chain protection, today announced TrueSBOM for Serverless, a self-updating Software Bill of Materials (SBOM) for applications running on AWS Lambda, Google Cloud Functions and Microsoft Azure Functions that is made possible by simply adding one line to the application source code. Until now, SBOM generation for serverless apps was nearly impossible.

With TrueSBOM, applications self-report their components so that the SBOM always remains up-to-date. That is really the only way to create an SBOM for serverless applications. Otherwise, SBOMs are created as a snapshot in time that shows the list of components when the application is created. But, because serverless apps are created ‘on-the-fly’ each time they are invoked, the traditional way of creating SBOMs was useless – requiring the SBOM to be maintained every time. The patent-pending Codenotary technology changes all of that.

“The real-time update capability of our TrueSBOM technology makes it possible to generate an SBOM for serverless apps, which previously was almost impossible, leaving organizations with a gaping security hole,” said Dennis Zimmer, co-founder and chief technology officer, Codenotary. “Now, with TrueSBOM it’s possible to generate the list of ingredients that make up the application in real time, adding a new level of security to serverless applications.”

The new TrueSBOM for Serverless helps enterprises comply with the U.S. Executive Order on Improving the Nation’s Cybersecurity, which includes maintaining a Software Bill of Materials (SBOM), as well as the SLSA security framework to ensure trust in the software supply chain.

TrueSBOM guarantees that the SBOM for a serverless application is always a true reflection of its components – and that the SBOM is not just a text file stored separately from the application, but rather part of the application itself, which exports its own SBOM, or list of ingredients, on request. This is critical for modern applications like serverless that self-update, where relying on external SBOM generation at build time would not pick up the new updates.

In addition, TrueSBOM allows the enrichment of the SBOM with vulnerability scanner results or trust and integrity information. TrueSBOM keeps the list of contents in an app up-to-date at all times, providing a level of security that was previously near impossible to attain.

TrueSBOM for Serverless is available now and priced at $450 per application per year. For additional information, go to https://codenotary.com/products/truesbom-serverless. For more details on how TrueSBOM works, read the blog post.

About Codenotary

With hundreds of customers that include top three banks in the U.S. and Europe, Codenotary brings easy-to-use trust and integrity into the software lifecycle by providing end-to-end cryptographically verifiable tracking and provenance for all artifacts, actions, and dependencies. Codenotary can be set up in minutes and can be fully integrated with modern CI/CD platforms. It is the only immutable and client-verifiable solution available that is capable of processing millions of transactions a second. With the Codenotary tamper-proof bill of materials, users can instantly identify untrusted components in their software builds. For more information, go to https://www.codenotary.com.

Contacts

Joe Eckert for Codenotary
Eckert Communications
jeckert@eckertcomms.com
