CodeNotary - Product Update July 2019.v2


It’s finally time for a new CodeNotary product update again. The update includes organizational management and signing features, CodeNotary for Kubernetes suite add-on – Kube-Notary: a K8s watchdog, and the JVCN for Maven plugin and JSVCN for JavaScript package.


What’s New in CodeNotary

  • Organization management:
    • Ability to create an organization and add users to it from the dashboard
    • Ability to sign assets in the organization’s name
    • Ability to verify an asset based on an organization
  • CodeNotary for Kubernetes:
    • Kube-notary: a Kubernetes watchdog to continuously monitor Kubernetes cluster at runtime and notify when unknown or untrusted container /images/blog
      • CodeNotary created Grafana dashboard
      • Verification metrics exporter for Prometheus
  • JVCN: the Maven plugin allows for the verification of dependency integrity during builds
  • JSVCN: the JavaScript package allows for the verification of a digital asset’s integrity that is used in a web application


Start Using CodeNotary


Organizational Management

Enterprise users now can sign the digital assets their organization produces by creating an organization in the dashboard (below) for their company. New organizational team members can be directly in the dashboard as seen below as well.

CodeNotary Organizational Dashboard View


Verifying a Digital Asset Against an Organization

Verification of an organization’s digital asset can be done from anywhere globally, both from inside and outside of the organization. This allows for users outside of the signing organization to be sure that the indicated organization did, in fact, sign the digital asset they are seeking to use.


Verifying Against a Group of Signers (Keys)

Groups of signers or organizations such as several vendors like,, and can be required to have all their signatures approved before a digital asset is okayed to be used. For example, before an asset is allowed to be used internally or passed off to another contractor, signatures from multiple responsible parties, e.g. contractors, auditors, regulators, etc., all need to sign off on an asset first.


More information can be found on our blog here.


CodeNotary for Kubernetes: Kube-Notary

kube-notary is the first add-on of the CodeNotary for Kubernetes suite. It acts as a watchdog for users’ Kubernetes environments and continuously monitors clusters at runtime, issuing instant notifications when an unknown, untrusted, or unsupported container image is found running. After deploying the service within a cluster, all pods are continuously checked by matching the hash signature of the running image to the hash that is stored immutably on the blockchain. If the hashes match, trust is verified. Containers are checked and re-verified at regular, user-specified intervals. If any containers are found that are not ‘Trusted’, kube-notary alerts you instantly.


Additionally, kube-notary comes with a built-in verification metrics exporter, everything can be easily visualized in a Prometheus time series database using the CodeNotary created Grafana dashboard (screenshot below).


Kubernetes vcn Grafana Dashboard Visual 2


More information can be found about kube-notary on our GitHub page here or the Grafana dashboard here.



CodeNotary & Maven Integration Graphic 

The jvcn-maven plugin allows for the verification of dependency integrity during builds. Additionally, the build process can be stopped by the plugin if it encounters a non-trusted dependency.


More information can be found on our blog here or GitHub repo here.



The JVSCN package is an easy to use JavaScript client for the CodeNotary platform. It allows for the verification of digital assets used in web applications by connecting directly to the CodeNotary blockchain and querying asset metadata from CodeNotary. This way developers can integrate the power of the blockchain with their web apps without having to deal with the complexity of communicating with a blockchain. The package is unit tested and well designed and is a verify-subset of our vcn tool functionality. It is available on NPM here.


More information can be found on our blog here or GitHub repo here.

Metrics and Logs

(formerly, Opvizor Performance Analyzer)

VMware vSphere & Cloud

Monitor and Analyze Performance and Log files:
Performance monitoring for your systems and applications with log analysis (tamperproof using immudb) and license compliance (RedHat, Oracle, SAP and more) in one virtual appliance!

Subscribe to Our Newsletter

Get the latest product updates, company news, and special offers delivered right to your inbox.
Share on twitter
Share on linkedin
Share on facebook
Share on email

Subscribe to our newsletter

White Paper — Registration

We will send you the research paper via email.

CodeNotary — Webinar

White Paper — Registration

Please let us know who you are, so we can send you the CodeNotary Trusted Software Supply Chain white paper.

Become a partner

Start Your Trial

Please enter contact information to receive an email with the virtual appliance download instructions.

Start Free Trial

Please enter contact information to receive an email with the free trial details.