

A dev looking for a way to continuously verify the integrity of his Docker containers recently wrote to tell us about his search and the answer he found. Below we share his story, and a cool find he made along the way, with the community.

The Search for Finding Docker Container Integrity Verification

We got an interesting email yesterday from Rufus White, a dev, who mentioned he was trying to find out how he could ensure the integrity of his containers, especially after the recent Docker Hub attack. He wanted to know if his containers were still safe and how he could know they were continuously safe. He reasoned that checking them one time worked for that single instance, but he used containers every day, so once wasn’t enough. Hackers don’t stop because a file has been vetted. In fact, vetted files would be one of the first places they would target, as certified binaries often cause security teams to lower their defenses.


Words from a Happy Downloader

Rufus mentioned he had found a solution by Googling: a product called CodeNotary. His email is below:


Just found this interesting little tool called CodeNotary today. Set it up and within about 8 minutes I could sign and verify my containers. It also had the continuous verification that I was looking for. The setup process was really straightforward. Of course, as I downloaded vcn from the internet (GitHub) on my Windows machine I got the usual annoying warnings during the install process as I forgot to unblock the file. I’ve seen those things pop a lot for legit software though and really don’t put too much stock into digital certificates these days.


What was pretty cool was that once I had set up the Chrome extension and installed the tool on another machine to test it, I got a clean notification from CodeNotary assuring me that the file integrity of the CLI installer was trusted.


CodeNotary Chrome Extension - Integrity Verified - Brave


Verified right at download. The thing kind of made the point for itself from the git…

(Btw, I use the Brave browser, which the Chrome extension also works on. Y’all should check it out if you haven’t already.)


Traditional Download Notification Nonsense

The download notification Rufus was referring to only pops up because we weren’t ok with paying $1000 more for a different digital certificate that does the exact same thing as the basic version, with one small difference: it removes the warning that pops up at download. For $1000? That’s alright. We’ll pass. The warning will eventually disappear once we reach a certain number of downloads. In the meantime, it’s easy for users to unblock the downloaded file after the download has completed and bypass the nonsense.


Simple Code to Ensure Container Integrity That Goes Beyond Tradition

It’s actually really easy to ensure the integrity of your containers (or other code, images, files, backups, etc.). With the command line interface, it’s one step to sign (vcn sign) and one step to verify (vcn verify).

And there’s actually one other way to quickly verify, in addition to the Chrome extension and the CLI command: CodeNotary’s drag and drop webpage. You can check out its functionality here as well as see it in the screenshots below:




After the verification check runs and shows you whether the asset is verified or not, it will also show you the MD5, SHA1, and SHA256 hashes for the file in case you ever want to double check and do a manual verification test yourself.
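
The manual double check described above, generalized into a repeatable re-check, as an added example (not CodeNotary's code and not how vcn works internally): it computes the same three digests for a file, records a SHA-256 baseline, and re-verifies that baseline on demand. The function names and the image.tar sample file are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile

ALGORITHMS = ("md5", "sha1", "sha256")  # the three digests the web check displays

def file_digests(path, chunk_size=1 << 20):
    """Stream the file once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def record_baseline(paths):
    """Record the SHA-256 of each file; MD5 and SHA-1 are for cross-reference only."""
    return {p: file_digests(p)["sha256"] for p in paths}

def verify(baseline):
    """Re-hash every baselined file and return {path: status}."""
    report = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
            continue
        actual = file_digests(path)["sha256"]
        ok = hmac.compare_digest(actual, expected)
        report[path] = "verified" if ok else "modified"
    return report

def demo():
    """Constructed sample: a stand-in for an exported image tarball."""
    with tempfile.TemporaryDirectory() as tmp:
        artifact = os.path.join(tmp, "image.tar")  # hypothetical file name
        with open(artifact, "wb") as fh:
            fh.write(b"constructed sample layer data")
        baseline = record_baseline([artifact])
        first = verify(baseline)[artifact]    # untouched since baseline
        with open(artifact, "ab") as fh:
            fh.write(b"!")                    # a single appended byte
        second = verify(baseline)[artifact]
        os.remove(artifact)
        third = verify(baseline)[artifact]
    return first, second, third

if __name__ == "__main__":
    print(demo())
```

Running verify() on a schedule, with the baseline stored somewhere the checked host cannot write to, is what turns the one-time check into a continuous one.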


CodeNotary - Drag & Drop - Verification - Verified

Also, you can get the Chrome extension here.



We were glad to receive the feedback. It’s cool to see the word getting out there that devs can ensure their Docker container integrity with CodeNotary’s vcn CLI tool, and that when someone does happen to come across us, they find the tool useful and easy to use, so much so that they write in to express their enjoyment. And what a bonus, finding out from a happy user that our browser extension works on the Brave browser as well!


If you want to test it out and play around with the extension yourself, go for it. It’s free to test out. And bonus if you’re an OSS dev as it’s on the free forever plan for you.

