

Modern DevOps environments have brought significant improvements in time to market for applications. However, with this gain in efficiency and productivity we have lost oversight, as well as a deep understanding of what exactly is running in our production environments. As clean-code-producing, security-minded devs and managers alike, we have to know what’s in the box before running a Docker container image.


Also, if you’re a team lead, you have to consider whether the development libraries that have been approved are really the ones being used in the applications your team is deploying into production.


Know What’s In the Box

We, at CodeNotary, have developed a solution that allows devs and teams to rest assured in the integrity of their build code. Additionally, organizations can enforce discipline and good, solid practices in their entire DevOps process.


For example, let’s assume that you have a set of Maven libraries or GitHub repositories that, after being checked for conflicts and vulnerabilities, have been approved for use in development. Once they are approved, it’s a simple step to sign your binaries using the single command vcn sign <asset> with CodeNotary’s vcn CLI tool.


Now, by signing these binaries you have given them a unique identity with a unique hash that is indelibly stored on our distributed ledger technology. Then, at any time during the build or deployment process, you can make sure that you and/or your team are working with only the approved libraries and not using the non-approved ones.


Verify Before Running an Image or at Download

Verifying assets is pretty simple as well. There are actually 3 ways to check the integrity of approved assets, which you can do when you first download them locally or later just prior to executing them. You can use the:


1)  CodeNotary vcn CLI tool using the command vcn verify <asset> for verification anytime.




2)  CodeNotary – Chrome extension for verification at download.




3)  CodeNotary drag and drop verification page which is available whenever you need it and has the added benefit of displaying the MD5, SHA1, and SHA256 hashes for each asset.





With multiple different ways to verify your cleared-to-use assets, you can easily authenticate the evergreen tree of matrix binaries and environments that often stretch across geographically dispersed locations.
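
As an added example (not CodeNotary's own code), here is a POSIX shell gate that runs a build or deploy command only when every file in a directory of approved libraries passes vcn verify <asset>. It assumes vcn verify exits non-zero for anything it does not report as trusted; VCN_BIN, verify_dir, gate_run and the directory name are hypothetical.

```shell
#!/bin/sh
# Added example: gate a build or deploy step on `vcn verify <asset>`.
# Assumption: `vcn verify` exits 0 only for an asset it reports as trusted.
# VCN_BIN, verify_dir and gate_run are hypothetical names for this example.
VCN_BIN="${VCN_BIN:-vcn}"

# Verify every regular file directly inside directory $1.
# Sets UNVERIFIED to a newline-separated list of files that failed.
verify_dir() {
    UNVERIFIED=""
    _count=0
    for _asset in "$1"/*; do
        [ -f "$_asset" ] || continue
        _count=$((_count + 1))
        # Check every file instead of stopping at the first failure,
        # so one run reports all unapproved libraries.
        if ! "$VCN_BIN" verify "$_asset" >/dev/null 2>&1; then
            UNVERIFIED="${UNVERIFIED}${_asset}
"
        fi
    done
    # An empty or missing directory fails: nothing was verified.
    [ "$_count" -gt 0 ] && [ -z "$UNVERIFIED" ]
}

# gate_run DIR COMMAND...: run COMMAND only if all of DIR verifies.
gate_run() {
    if [ "$#" -lt 2 ]; then
        echo "usage: gate_run DIR COMMAND..." >&2
        return 2
    fi
    _dir="$1"
    shift
    if ! verify_dir "$_dir"; then
        printf 'refusing to run, unverified assets in %s:\n%s' \
            "$_dir" "$UNVERIFIED" >&2
        return 1
    fi
    "$@"
}

# Typical use in a pipeline step (directory name is a placeholder):
#   gate_run ./approved-libs mvn package
```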


With CodeNotary, you can ensure confidence in your DevOps integrity workflow and always know what’s in the box before running a Docker container image. But you don’t have to take our word for it. Check it out for yourself and see. And if you’re an OSS contributor, it’s pretty nice because your subscription is free forever.


