Codenotary has released Codenotary Cloud, a low-cost way to identify where a vulnerability like Log4j resides.
Codenotary Cloud lowers the cost of detecting and analyzing unnecessary artifacts by up to 80%, ensuring compliance with the United States’ Executive Order on Improving National Cybersecurity.
Codenotary Cloud offers an end-to-end trusted software supply chain that is both authentic and trustworthy. It can scale to millions of integrity verifications per second and provides a way for developers to attach a tamper-proof SBOM for development artifacts such as source code, builds, repositories, and more, as well as Docker container images for their software and Kubernetes deployments. Customers, auditors, and compliance professionals can all see them right away through the SBOM.
Moshe Bar, co-founder and CEO of Codenotary, said, “A vulnerability scan tells you a malware is present, but then the problem is you need to find all the places it exists and that can often take weeks or months. With Codenotary Cloud, it’s possible to do that in seconds – with the ability to create, track, and query your software including the Software Bill of Materials (SBOM).”
Most vulnerability scanners and major cloud-native continuous integration/continuous delivery (CI/CD) solutions can be fully integrated with Codenotary Cloud. The DevOps attestation service is available as a managed service on any cloud or host, or customers can host it themselves.