Codenotary Trustcenter Blog

Customer Use Case: How a Major Asian Bank Ensures Application Integrity with Codenotary’s Trustcenter and Guardian

Written by Moshe | Feb 6, 2025 9:02:36 AM

Recently, one of our banking clients in Asia faced a critical challenge: ensuring their Java applications were free from known vulnerabilities and unauthorized modification throughout the DevOps life cycle and at runtime. Given the increasing sophistication of cyber threats, they needed a robust solution to scan and verify their Java Archive (JAR) files efficiently while maintaining regulatory compliance.

The bank's DevOps team was responsible for managing thousands of Java applications across various environments. Their primary concerns were:

  • Continuously scanning JAR files for known vulnerabilities during development and integration.
  • Ensuring that only trusted, previously verified artifacts were deployed to production.
  • Monitoring running applications for modifications, so that unauthorized changes or potential compromises were detected rather than silently executed.

Their previous approach relied on manual checks and traditional vulnerability scanners. Scanning alone reports what is vulnerable; it does not record which exact artifact was approved or prove that the artifact running in production is the one that was scanned. That missing link between scan result and deployed bytes, plus the lack of automation, is what a robust security framework required.

Codenotary Trustcenter & Guardian

To address these challenges, the bank adopted a two-pronged approach:

  1. Trustcenter for DevOps security
  2. Guardian for runtime protection

Implementing Codenotary Trustcenter

During the development and CI/CD pipeline, the bank integrated Codenotary Trustcenter to:

  • Scan all Java JAR files for known vulnerabilities before deployment
  • Digitally attest artifacts, ensuring integrity and immutability
  • Establish a Software Bill of Materials (SBOM) for complete traceability
  • Automate security checks directly within Jenkins, GitLab, and other DevOps tools

With Trustcenter, the bank's DevOps team could immediately verify whether a given JAR file was trusted, when it was last scanned, and whether it was free from known CVEs (Common Vulnerabilities and Exposures). Because the trust decision is tied to the artifact's digest rather than to a file name or version string, a rebuilt or substituted JAR does not inherit the trust of the original. This proactive approach significantly reduced the risk of deploying vulnerable code into production.

Implementing Codenotary Guardian

While Trustcenter ensured security in the DevOps pipeline, Codenotary Guardian provided real-time runtime protection by:

  • Monitoring deployed Java applications for unauthorized modifications
  • Preventing untrusted JAR files from executing in production
  • Enforcing runtime integrity policies, ensuring only notarized code runs in sensitive banking environments
  • Triggering alerts for any deviation from the trusted software state

By deploying Guardian across their runtime environments, the bank could immediately detect if any application had been modified after deployment or if an unauthorized component was attempting to execute. The same attestation produced in the pipeline is the reference at runtime, so a JAR whose bytes no longer match the notarized digest, or whose digest was later marked untrusted after a new vulnerability disclosure, is flagged without any change to the artifact itself. This gave them confidence that their Java applications remained secure even after deployment.

End Results

By integrating Codenotary Trustcenter and Guardian, the bank achieved:

  • End-to-end security for Java JAR files, from development to production.
  • Continuous vulnerability detection and blocking of untrusted artifacts, reducing the attack surface.
  • Regulatory compliance with industry standards and cybersecurity mandates, backed by an auditable record of what was scanned and attested.
  • Faster response to threats through real-time monitoring and alerting on any deviation from the trusted software state.
  • Increased developer productivity, with manual security checks replaced by automated pipeline gates.

This bank secured its Java applications by integrating Trustcenter for DevOps lifecycle protection and Guardian for real-time runtime security. With a proactive, automated, and immutable security framework, they now have full confidence in their software supply chain and production environment, ensuring secure banking services for millions of customers.

For financial institutions facing similar challenges, this case study demonstrates how a comprehensive trust verification and runtime security strategy can safeguard critical applications against modern threats.

Are you facing similar challenges with your Java application security? Contact us at sales@codenotary.com