Codenotary - Product Update July 2019.v2


It’s finally time for a new Codenotary product update again. The update includes organizational management and signing features, Codenotary for Kubernetes suite add-on – Kube-Notary: a K8s watchdog, and the JVCN for Maven plugin and JSVCN for JavaScript package.


What’s New in Codenotary

  • Organization management:
    • Ability to create an organization and add users to it from the dashboard
    • Ability to sign assets in the organization’s name
    • Ability to verify an asset based on an organization
  • Codenotary for Kubernetes:
    • Kube-notary: a Kubernetes watchdog to continuously monitor Kubernetes cluster at runtime and notify when unknown or untrusted container /images/blog
      • Codenotary created Grafana dashboard
      • Verification metrics exporter for Prometheus
  • JVCN: the Maven plugin allows for the verification of dependency integrity during builds
  • JSVCN: the JavaScript package allows for the verification of a digital asset’s integrity that is used in a web application


Start Using Codenotary


Organizational Management

Enterprise users now can sign the digital assets their organization produces by creating an organization in the dashboard (below) for their company. New organizational team members can be directly in the dashboard as seen below as well.

Codenotary Organizational Dashboard View


Verifying a Digital Asset Against an Organization

Verification of an organization’s digital asset can be done from anywhere globally, both from inside and outside of the organization. This allows for users outside of the signing organization to be sure that the indicated organization did, in fact, sign the digital asset they are seeking to use.


Verifying Against a Group of Signers (Keys)

Groups of signers or organizations such as several vendors like,, and can be required to have all their signatures approved before a digital asset is okayed to be used. For example, before an asset is allowed to be used internally or passed off to another contractor, signatures from multiple responsible parties, e.g. contractors, auditors, regulators, etc., all need to sign off on an asset first.


More information can be found on our blog here.


Codenotary for Kubernetes: Kube-Notary

kube-notary is the first add-on of the Codenotary for Kubernetes suite. It acts as a watchdog for users’ Kubernetes environments and continuously monitors clusters at runtime, issuing instant notifications when an unknown, untrusted, or unsupported container image is found running. After deploying the service within a cluster, all pods are continuously checked by matching the hash signature of the running image to the hash that is stored immutably on the blockchain. If the hashes match, trust is verified. Containers are checked and re-verified at regular, user-specified intervals. If any containers are found that are not ‘Trusted’, kube-notary alerts you instantly.


Additionally, kube-notary comes with a built-in verification metrics exporter, everything can be easily visualized in a Prometheus time series database using the Codenotary created Grafana dashboard (screenshot below).


Kubernetes vcn Grafana Dashboard Visual 2


More information can be found about kube-notary on our GitHub page here or the Grafana dashboard here.



Codenotary & Maven Integration Graphic 

The jvcn-maven plugin allows for the verification of dependency integrity during builds. Additionally, the build process can be stopped by the plugin if it encounters a non-trusted dependency.


More information can be found on our blog here or GitHub repo here.



The JVSCN package is an easy to use JavaScript client for the Codenotary platform. It allows for the verification of digital assets used in web applications by connecting directly to the Codenotary blockchain and querying asset metadata from Codenotary. This way developers can integrate the power of the blockchain with their web apps without having to deal with the complexity of communicating with a blockchain. The package is unit tested and well designed and is a verify-subset of our vcn tool functionality. It is available on NPM here.


More information can be found on our blog here or GitHub repo here.


Save energy without reducing VM performance in your VMware vSphere cluster
16 August 2022
Over the last couple of decades energy consumption went up massively in every data center and while the…
Metrics & Logs support for IoT - Bringing Secure Monitoring and Logging to the Edge
7 July 2022
Simple uptime monitoring for Internet-of-Things (IoT) is well-known and requires knowing if the devices are up and running.…
Monitoring Azure SQL Managed Instance with Opvizor Metrics & Logs
17 January 2022
When you have critical applications and business processes that rely on Azure resources, it's critical to keep an…

White Paper — Registration

You will receive the research paper by mail.

Codenotary — Webinar

White Paper — Registration

Please let us know where we can send the whitepaper on Codenotary Trusted Software Supply Chain. 

Become a partner

Start Your Trial

Please enter contact information to receive an email with the virtual appliance download instructions.

Start Free Trial

Please enter contact information to receive an email with the free trial details.

Subscribe to our newsletter