

Modern DevOps environments have significantly improved time to market for applications. However, with this gain in efficiency and productivity, we have lost oversight as well as a deep understanding of what exactly is running in our production environments. As clean-code-producing, security-minded devs and managers alike, we have to know what’s in the box before running a Docker container image.


Also, if you’re a team lead, you have to consider whether the development libraries that have been approved are really the ones being used in the applications your team is deploying into production.


Know What’s In the Box

We at Codenotary have developed a solution that allows devs and teams to rest assured in the integrity of their build code. Additionally, organizations can enforce discipline and good, solid practices in their entire DevOps process.


For example, let’s assume that you have a set of Maven libraries or GitHub repositories that, after being checked for conflicts and vulnerabilities, have been approved for use in development. Once they are approved, it’s a simple step to sign your binaries using the single command vcn sign <asset> with Codenotary’s vcn CLI tool.


Now, by signing these binaries you have given them a unique identity with a unique hash that is indelibly stored on our distributed ledger technology. Then, at any time during the build or deployment process, you can make sure that you and/or your team are working with only the approved libraries and not using the non-approved ones.


Verify Before Running an Image or at Download

Verifying assets is pretty simple as well. There are actually 3 ways to check the integrity of approved assets, which you can do when you first download them locally or later just prior to executing them. You can use the:


1)  Codenotary vcn CLI tool using the command vcn verify <asset> for verification anytime.




2)  Codenotary – Chrome extension for verification at download.




3)  Codenotary drag and drop verification page, which is available whenever you need it and has the added benefit of displaying the MD5, SHA1, and SHA256 hashes for each asset.





With multiple ways to verify your cleared-to-use assets, you can easily authenticate the evergreen tree of matrix binaries and environments that often stretch across geographically dispersed locations.
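The vcn verify check described above can be wired into a build or deploy step as a fail-closed gate. The following is an added example, not Codenotary's own code: the function names verify_assets and run_if_verified are hypothetical, and it assumes that vcn verify <asset> exits with status 0 only when the asset is trusted.

```shell
#!/bin/sh
# Added example (not from Codenotary): fail-closed gate around `vcn verify`.
# Assumption: `vcn verify <asset>` exits 0 only when the asset is trusted.

# verify_assets ASSET...
# Passes each asset to `vcn verify` unchanged and prints one status line
# per asset. Returns 0 only if every asset verified, 1 if any was
# rejected, 2 if the check could not be performed at all.
verify_assets() {
    if ! command -v vcn >/dev/null 2>&1; then
        # No verifier available: refuse rather than silently skip the check.
        echo "vcn not found; refusing to continue" >&2
        return 2
    fi
    if [ "$#" -eq 0 ]; then
        echo "no assets given; nothing was verified" >&2
        return 2
    fi
    failed=0
    for asset in "$@"; do
        if vcn verify "$asset" >/dev/null 2>&1; then
            echo "TRUSTED  $asset"
        else
            echo "REJECTED $asset"
            failed=$((failed + 1))
        fi
    done
    [ "$failed" -eq 0 ]
}

# run_if_verified ASSET COMMAND [ARG...]
# Runs COMMAND only after ASSET has passed verification.
run_if_verified() {
    target=$1
    shift
    if ! verify_assets "$target" >&2; then
        echo "refusing to run: $target is not verified" >&2
        return 1
    fi
    "$@"
}
```

Sourced into a CI step, a call such as verify_assets lib/*.jar ahead of the build stops the pipeline as soon as any library in the set fails verification.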


With Codenotary, you can ensure confidence in your DevOps integrity workflow and always know what’s in the box before running a Docker container image. But you don’t have to take our word for it. Check it out for yourself and see. And if you’re an OSS contributor, it’s pretty nice because your subscription is free forever.


