Quite a bold statement you might wonder. But that is our goal for all non-commercial projects. The whole certificate authority industry likes to make money on the back of non-commercial projects. They typically lure you into a free code signing certificate for 1 to 3 years and then there comes payday.

If you don’t go for it your certificate won’t get extended and expires (and with it your signed assets).

The only way for some little protection is either an annually paid digital certificate (especially if you provide Microsoft Windows executable), or use MD5/SHA-1/SHA-256 or GPG, that needs to be manually checked. One certificate to sign all of your releases just to avoid nasty built-in warnings in Microsoft Windows. That is just not enough for the price. In the end, you provide free tools and software but you need to pay for a user to be able to use them without any warnings.

An amazing open-source and non-commercial community is providing great software, tools, and documents saving billions of hours for others. You, as part of that community, shouldn’t pay for any protection or management of their assets (files, documents, releases).

The voices of annoyance are hard to ignore – be sure to check the blog post about community reactions on digital certificates.

What does CodeNotary do for non-commercial and open source developers?

Dennis Zimmer, CTO, and co-founder of vChain, the creator of CodeNotary stated: "We at vChain, created CodeNotary to protect your hard work, increase user confidence and trust without spending a fortune. If you provide non-commercial software we provide a life-long free subscription of CodeNotary."

Leveraging the blockchain technology makes it possible to avoid the enormous costs involved to build a high-secure data-center and go through all the typical market-regulating hurdles to offer alternative solutions.

CodeNotary does exactly that: automatically creating a unique hash of your digital assets and store that on an immutable blockchain. That blockchain entry does include the author information and a trust level.

The better proof of the ownership and the author’s identity the higher goes the trust level of assets. That way CodeNotary allows you to store every single asset of yours in a secure and immutable way, without going through all the trouble with digital certificates to sign your code. Furthermore, instead of being limited to revoke a whole certificate with all of its signed assets, CodeNotary allows a change of the trust level for every single asset.

We invite all non-commercial project owners, developers to get their all-time free CodeNotary subscription here:

Non-Commercial Projects License

CodeNotary components

When you start using CodeNotary, you automatically get the dashboard access where you can see and manage all digital assets you ever signed. To sign files, documents, docker container and more, you need to use the vcn command line as well. But let’s dig into the 2 important components.

Start CodeNotary dashboard

All is done with 2 simple components:

  1. vcn command line tool, that does all the asset action (completely open source on GitHub)
  2. a beautiful dashboard that simplifies managing and monitoring your signed assets

Chrome Browser extension

Btw. there is a 3rd one that makes verifying of download integrity extremely simple. The CodeNotary Google Chrome extension. That extension supports direct download verification against the CodeNotary blockchain service as well as on-demand verification of files already stored on your machine.

The CodeNotary extension for Google Chrome to automatically check download integrity


As we’re just getting started there is much more to come. At that time we already support the following actions:

  1. Sign any of your files, documents, docker container and much more (Trust)
  2. Verify the integrity of digital assets you signed
  3. Verify the integrity of digital assets based on other author sign action
  4. Untrust your own digital assets
  5. Unsupport your digital assets (i. e. outdated version)
  6. List and manage all of your signed assets, either using vcn or the CodeNotary dashboard
  7. you can also have private and public assets (visibility)

The vcn Command can be used on Linux, MacOS or Microsoft Windows:

CodeNotary vcn command line tool

Quick Tip: You need to start with vcn login to setup your keypair to start signing. And it might take up to 10 minutes before you can start signing, as some smart contracts need to be triggered.

In case you only want to use vcn to verify existing files, there is no need to login.

When using vcn for Windows things get even simpler based on the Windows Explorer integration. That makes it very convenient to sign or verify files while browsing within the Windows File Explorer.

CodeNotary vcn within explorer

How to start?

We made it as simple as it can get. It’s a few quick steps and completely free.

The best is to sign up on our landing page for non-commercial projects and then register on our CodeNotary dashboard. Please make sure to use the email address and send the project URL to your non-commercial offering.

We activate your license as fast as possible (usually within a day) and then you’re good to go.

And please don’t forget to leave feedback as we love to get your opinion on our products. You can always use our chat to contact us and get your questions answered.

Metrics and Logs

(formerly, Opvizor Performance Analyzer)

VMware vSphere & Cloud

Monitor and Analyze Performance and Log files:
Performance monitoring for your systems and applications with log analysis (tamperproof using immudb) and license compliance (RedHat, Oracle, SAP and more) in one virtual appliance!

Subscribe to Our Newsletter

Get the latest product updates, company news, and special offers delivered right to your inbox.

Subscribe to our newsletter

Use Case - Tamper-resistant Clinical Trials


Blockchain PoCs were unsuccessful due to complexity and lack of developers.

Still the goal of data immutability as well as client verification is a crucial. Furthermore, the system needs to be easy to use and operate (allowing backup, maintenance windows aso.).


immudb is running in different datacenters across the globe. All clinical trial information is stored in immudb either as transactions or the pdf documents as a whole.

Having that single source of truth with versioned, timestamped, and cryptographically verifiable records, enables a whole new way of transparency and trust.

Use Case - Finance


Store the source data, the decision and the rule base for financial support from governments timestamped, verifiable.

A very important functionality is the ability to compare the historic decision (based on the past rulebase) with the rulebase at a different date. Fully cryptographic verifiable Time Travel queries are required to be able to achieve that comparison.


While the source data, rulebase and the documented decision are stored in verifiable Blobs in immudb, the transaction is stored using the relational layer of immudb.

That allows the use of immudb’s time travel capabilities to retrieve verified historic data and recalculate with the most recent rulebase.

Use Case - eCommerce and NFT marketplace


No matter if it’s an eCommerce platform or NFT marketplace, the goals are similar:

  • High amount of transactions (potentially millions a second)
  • Ability to read and write multiple records within one transaction
  • prevent overwrite or updates on transactions
  • comply with regulations (PCI, GDPR, …)


immudb is typically scaled out using Hyperscaler (i. e. AWS, Google Cloud, Microsoft Azure) distributed across the Globe. Auditors are also distributed to track the verification proof over time. Additionally, the shop or marketplace applications store immudb cryptographic state information. That high level of integrity and tamper-evidence while maintaining a very high transaction speed is key for companies to chose immudb.

Use Case - IoT Sensor Data


IoT sensor data received by devices collecting environment data needs to be stored locally in a cryptographically verifiable manner until the data is transferred to a central datacenter. The data integrity needs to be verifiable at any given point in time and while in transit.


immudb runs embedded on the IoT device itself and is consistently audited by external probes. The data transfer to audit is minimal and works even with minimum bandwidth and unreliable connections.

Whenever the IoT devices are connected to a high bandwidth, the data transfer happens to a data center (large immudb deployment) and the source and destination date integrity is fully verified.

Use Case - DevOps Evidence


CI/CD and application build logs need to be stored auditable and tamper-evident.
A very high Performance is required as the system should not slow down any build process.
Scalability is key as billions of artifacts are expected within the next years.
Next to a possibility of integrity validation, data needs to be retrievable by pipeline job id or digital asset checksum.


As part of the CI/CD audit functionality, data is stored within immudb using the Key/Value functionality. Key is either the CI/CD job id (i. e. Jenkins or GitLab) or the checksum of the resulting build or container image.

White Paper — Registration

We will also send you the research paper
via email.

CodeNotary — Webinar

White Paper — Registration

Please let us know where we can send the whitepaper on CodeNotary Trusted Software Supply Chain. 

Become a partner

Start Your Trial

Please enter contact information to receive an email with the virtual appliance download instructions.

Start Free Trial

Please enter contact information to receive an email with the free trial details.