PROTECT YOUR DEVOPS ENVIRONMENT WITH AN EASY TO USE, ALL-IN-ONE SOLUTION.
+ code signing
+ sbom lifecycle
+ vulnerability scanning
+ K8s runtime enforcement

REQUEST TRIAL *
*no credit card required

CodeNotary

Trustcenter

Achieve Supply chain Levels for Software Artifacts (SLSA) compliance with one integrated product.

Identify and neutralize unwanted artifacts like Log4J in seconds.

Discover Codenotary Trustcenter

B

TRUSTED SUPPLY CHAIN INTEGRITY AND PROVENANCE WITH TAMPERPROOF SBOM

  • Your customers require you to provide secure and untampered provenance of your software solution already today.
  • 70% of software organizations have already been affected by supply chain attacks.
  • Zero Trust infrastructure, SOFTWARE evidence and SBOM are important to comply with the 2021 Cyber Security Executive Order!
Download PDF

SOFTWARE BILL OF MATERIALS FOR:

Docker
Python
Go
Java (Maven)
Node.js (NPM)

.Net

Kubernetes

C++
and more…

BENEFITS

Complete & Fully Trusted Pipeline

Tamperproof bill of materials for your workloads with cryptographic verification. 

Provenance
& Tracking

Spot foreign objects and guarantee provenance of the inventory of your objects.

Granular
Revocation

Maintain trust status at the level of each individual artifacts at scale.

HAPPY Customers

Previous
Next

WHAT CLIENTS SAY ABOUT US

Supply chain security is part and parcel of earning the community’s trust as a platform. Therefore, AlmaLinux is working on integration with the Community Attestation Service, to provide a secure Bill of Materials for the AlmaLinux OS distribution and guarantee the provenance of our builds. We are partnering with Codenotary to provide these integrity measures given the open source nature of their toolchain and their tamper-proof immudb database.
Igor Seletskiy
Igor SeletskiyCEO - CloudLinux
We place a high value on scalable and highly available, tamper-proof platforms for our banking and insurance customers. Codenotary's solutions are a very important building block for us.
Tom Luessi
Tom LuessiCEO, Naveum AG
Codenotary enables tamper-proof notarization and attestation of all our software, including dependencies, to secure and catalog everything we store, use and run.
Executive Director at Top5 Investment Bank
We were able to implement this solution in record time. The open-source approach, the easy integration into our DevOps chain and the flexibility when it comes to revocation is a real game-changer. That is how software trust and integrity should look and feel,.
Pascal VizeliCo-founder and core developers of Home Assistant
We receive all key indicators at a glance and no longer have to gather the information in various systems.
Team Lead IT Platforms, 3rd largest Bank in Germany
Setup and operational in less than 30 minutes and provides immediate benefits and insights. Highly recommended!
Tarun Keswani
Tarun KeswaniPrincipal Staff Engineer, Motorola Solutions
It is amazing to have this tremendous flexibility and the possibilities of easy and fast integrations.
Jan Unger
Jan UngerNetwork and Datacenter Engineer, Netcloud AG
While looking for a suitable monitoring, analysis and troubleshooting product, we found Metrics & Logs. Flexibility and ease of deployment is impressive and the nearly instant time to value.
Millie Cruz
Millie CruzNetwork Administrator, American College of Surgeons
Previous
Next

COMMUNITY ATTESTATION SERVICE​

Open Source Attestation Service for The Community.

Check the status of an asset anytime and anywhere with the web tool.

Start for Free
platinumMember
Codenotary is a proud supporter of Open Source and a Platinum Member of the AlmaLinux OS Foundation

Our software prevents and mitigates damage from harmful components in your DevOps environment.

Github Twitter Facebook-f Linkedin-in

PRODUCTS

RESOURCES

COMPANY

Copyright © 2021, 2022 Codenotary Inc. All rights reserved.

Terms of Service Privacy statement

Start Free Trial

Please enter contact information to receive an email with the free trial details.

White Paper — Registration

Please let us know where we can send the whitepaper on CodeNotary Trusted Software Supply Chain. 

Use Case - Tamper-resistant Clinical Trials

Goal:

Blockchain PoCs were unsuccessful due to complexity and lack of developers.

Still the goal of data immutability as well as client verification is a crucial. Furthermore, the system needs to be easy to use and operate (allowing backup, maintenance windows aso.).

Implementation:

immudb is running in different datacenters across the globe. All clinical trial information is stored in immudb either as transactions or the pdf documents as a whole.

Having that single source of truth with versioned, timestamped, and cryptographically verifiable records, enables a whole new way of transparency and trust.

Use Case - Finance

Goal:

Store the source data, the decision and the rule base for financial support from governments timestamped, verifiable.

A very important functionality is the ability to compare the historic decision (based on the past rulebase) with the rulebase at a different date. Fully cryptographic verifiable Time Travel queries are required to be able to achieve that comparison.

Implementation:

While the source data, rulebase and the documented decision are stored in verifiable Blobs in immudb, the transaction is stored using the relational layer of immudb.

That allows the use of immudb’s time travel capabilities to retrieve verified historic data and recalculate with the most recent rulebase.

Use Case - eCommerce and NFT marketplace

Goal:

No matter if it’s an eCommerce platform or NFT marketplace, the goals are similar:

  • High amount of transactions (potentially millions a second)
  • Ability to read and write multiple records within one transaction
  • prevent overwrite or updates on transactions
  • comply with regulations (PCI, GDPR, …)


Implementation:

immudb is typically scaled out using Hyperscaler (i. e. AWS, Google Cloud, Microsoft Azure) distributed across the Globe. Auditors are also distributed to track the verification proof over time. Additionally, the shop or marketplace applications store immudb cryptographic state information. That high level of integrity and tamper-evidence while maintaining a very high transaction speed is key for companies to chose immudb.

Use Case - IoT Sensor Data

Goal:

IoT sensor data received by devices collecting environment data needs to be stored locally in a cryptographically verifiable manner until the data is transferred to a central datacenter. The data integrity needs to be verifiable at any given point in time and while in transit.

Implementation:

immudb runs embedded on the IoT device itself and is consistently audited by external probes. The data transfer to audit is minimal and works even with minimum bandwidth and unreliable connections.

Whenever the IoT devices are connected to a high bandwidth, the data transfer happens to a data center (large immudb deployment) and the source and destination date integrity is fully verified.

Use Case - DevOps Evidence

Goal:

CI/CD and application build logs need to be stored auditable and tamper-evident.
A very high Performance is required as the system should not slow down any build process.
Scalability is key as billions of artifacts are expected within the next years.
Next to a possibility of integrity validation, data needs to be retrievable by pipeline job id or digital asset checksum.

Implementation:

As part of the CI/CD audit functionality, data is stored within immudb using the Key/Value functionality. Key is either the CI/CD job id (i. e. Jenkins or GitLab) or the checksum of the resulting build or container image.

White Paper — Registration

We will also send you the research paper
via email.

CodeNotary — Webinar

Become a partner

Start Your Trial

Please enter contact information to receive an email with the virtual appliance download instructions.

Subscribe to our newsletter