identifies and tracks artifacts to quickly
react to risky components and meet compliance objectives.
Real-time tracking of attestations and vendor risk profiles.
What our customers love about us
- Risk management:
Know in real time new threats arising from existing in-house developed and external applications.
- Focus on real threats:
Filter out real threats by eliminating false positives.
- VEX curation:
Manage the real impact of found vulnerabilities by applying curated VEX.
- Effective notification:
Get notifications when real intervention is required or a software supplier needs to update their software.
- Vendor risk profile:
Create and maintain a software vendor risk profile for procurement, CISO office or application owner.
Continuously track attestation, vendors’s and vendor’s application risk profile over time.
Point to actions to take to reduce the risk of vulnerabilities or exploits.
Stay alerted by subscribing to the risk and risk changes by application, application stack or dependency.
Identification and tracking of artifacts
World class SBOM management
Support all SBOMs standards (import, export)
Risk scoring for your apps
Runtime protection from unwanted components
Isolation of dangerous artifacts
Industry Leading SBOM management
Import and export SBOMs from any format to any format. Generate detailed SBOMs for open source applications or containers. Analyze and gain new insights from your SBOMs.
Secure the integrity of software supply chains and all the components used.
Create an ongoing curated list of the vulnerabilities and exploits based on the particular organization's needs. Manage vendor VEX information and SBOMs in one dashboard.
Leverage the combination of SBOMs, VEX, and Context awareness for meaningful risk mitigation.
Trusted artifacts exclusively
Unauthorized access to software repositories and build systems allows attackers to insert malicious code and components into software to be released. Trustcenter alerts you whenever unknown and/or trust components are detected!
Only bake components into their applications that are known and trusted.
Track your components
Discover and catalog your workloads across all environments and track all the components in your software projects and their dependencies.
Trustcenter supports billions of artifacts!
Track the lifecycle of components
Tracking of the change in status of all components with a tamperproof audit trail.
Auditable provenance and tracking and reporting.
Enforce the deployment of container images built with known and trusted components.
Re-evaluate all components continuously at rest and at runtime.
END-TO-END TRACKING FOR APPLICATION AND THEIR COMPONENTS
Codenotary is the leader in software supply chain security, protecting over 55,000 software projects today.
Find and remove all unwanted artifacts (like Log4j) within minutes instead of days or weeks.
Expose security issues earlier and lower remediation costs by up to 80%
Comply with and monitor cybersecurity regulation and auditor demands
Manage and Analyze SBOM and VEX
Produce accurate SBOMs or import SBOMs from external vendors
- Support for CycloneDX, VEX and SPDX
- Automatically generate precise VEX file
- Manage versions of SBOMs and VEX
- Trust or untrust components within individual projects
Know your components
Detection and management of application components
Maintain an open-source list with continuous updates
- Generate SBOMs for open-source applications
- Manage imported SBOMs from software vendors
Keep an eye on all the open source components in your software and their dependencies
Tracking of provenance and trust level of each component
Know what's exploitable
Quickly search and spot any open-source components in your software and know the risk scores
- Search and discover known vulnerable components such as Log4j
- Using runtime analysis, see if the discovered components are exploitable
- Detect license violations
Map your component journey
From CI/CD pipeline to apps to production
- Monitor and track the dependencies of your app silos and establish cryptographic provenance for your artifact
- Comply with artifact attestation guidelines like in-toto
Patent pending TrueSBOM® technology
Using our TrueSBOM® technology, the latest SBOM of running applications can be extracted
- TrueSBOM® monitors changes in your components at runtime, even for self-updating applications
- X-ray of all container image layers, independent of the source and language
- Detects encrypted code when loaded (f. e. encrypted Java files)
Some of our integrations
- CI/CD and SCM tools
- Docker and OCI registries
- Several vulnerability scanners (Snyk, Aqua, JFrog)
- Bindings for Java, C++, Python, NodeJS, Go, Rust, PHP
- Digital Signature platforms