Codenotary has introduced SBOM Operator for Kubernetes in its open-source Community Attestation Service and in its flagship product, Codenotary Trustcenter. It tracks all software and related dependencies running in Kubernetes and reduces the risk of software supply chain attacks.
With Codenotary, it is simple to create SBOMs (Software Bills of Materials) for running container images and to keep track of all builds and dependencies. This enables immediate risk mitigation when unwanted or dangerous artifacts are discovered.
Dennis Zimmer, co-founder and chief technology officer of Codenotary, commented, “By itself, the SBOM is not very useful without continuously being updated and maintained as the information is deprecated with every new deployment or update. Now, users know exactly what is running in containers, with the most recent information so they have the ability to immediately remediate something if necessary.”
All SBOM data is stored in a tamper-proof, auditable database, continuously updated and versioned so that it reflects every deployment change. That data is instantly searchable: the images containing a given software artifact can be pinpointed in seconds, and the history of changes to an image's contents can be verified, both of which are critical for maintaining a secure software supply chain.
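The two operations described above, locating an artifact across images and verifying how an image's contents changed, as an added example that is not Codenotary's code and calls no Codenotary API: it indexes constructed CycloneDX-style SBOMs for three hypothetical images, answers "which images contain package X at version Y", and diffs two versions of one image's SBOM. The registry names, package versions and SBOM documents are invented sample data.

```python
"""Search per-image SBOMs for an artifact and diff two versions of one image's SBOM.

Added example, not Codenotary's code: the SBOMs below are constructed inline in a
minimal CycloneDX-style JSON shape, and no Codenotary service or API is called.
"""
import json
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample SBOMs keyed by image reference (hypothetical registry names).
SBOM_JSON: Dict[str, str] = {
    "registry.example/api:1.0": """{
      "bomFormat": "CycloneDX", "specVersion": "1.4",
      "components": [
        {"type": "library", "name": "log4j-core", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
        {"type": "library", "name": "openssl", "version": "1.1.1k-1",
         "purl": "pkg:deb/debian/openssl@1.1.1k-1?arch=amd64"}
      ]}""",
    "registry.example/api:1.1": """{
      "bomFormat": "CycloneDX", "specVersion": "1.4",
      "components": [
        {"type": "library", "name": "log4j-core", "version": "2.17.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"},
        {"type": "library", "name": "openssl", "version": "1.1.1k-1",
         "purl": "pkg:deb/debian/openssl@1.1.1k-1?arch=amd64"}
      ]}""",
    "registry.example/worker:3.2": """{
      "bomFormat": "CycloneDX", "specVersion": "1.4",
      "components": [
        {"type": "library", "name": "openssl", "version": "1.1.1k-1",
         "purl": "pkg:deb/debian/openssl@1.1.1k-1?arch=amd64"},
        {"type": "library", "name": "zlib", "version": "1.2.11",
         "purl": "pkg:generic/zlib@1.2.11"}
      ]}""",
}


def parse_purl(purl: str) -> Tuple[str, str]:
    """Return (name, version) from a package URL; qualifiers and subpath are dropped."""
    body = purl.split("?", 1)[0].split("#", 1)[0]   # strip "?arch=..." and "#subpath"
    last = body.rsplit("/", 1)[-1]                   # "name@version"
    name, _, version = last.partition("@")
    return name, version


def load_sboms(raw: Dict[str, str]) -> Dict[str, Set[str]]:
    """Parse each SBOM document and reduce it to the set of component purls."""
    return {image: {c["purl"] for c in json.loads(doc)["components"]}
            for image, doc in raw.items()}


def build_index(sboms: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Invert image -> purls into purl -> images so a lookup is a dictionary hit."""
    index: Dict[str, Set[str]] = {}
    for image, purls in sboms.items():
        for purl in purls:
            index.setdefault(purl, set()).add(image)
    return index


def find_artifact(index: Dict[str, Set[str]], name: str,
                  version: Optional[str] = None) -> List[str]:
    """Images containing component `name`, optionally pinned to exactly `version`."""
    hits: Set[str] = set()
    for purl, images in index.items():
        n, v = parse_purl(purl)
        if n == name and (version is None or v == version):
            hits |= images
    return sorted(hits)


def diff_sboms(sboms: Dict[str, Set[str]], old_image: str,
               new_image: str) -> Tuple[List[str], List[str]]:
    """(added, removed) component purls between two versions of an image's SBOM."""
    old, new = sboms[old_image], sboms[new_image]
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    sboms = load_sboms(SBOM_JSON)
    index = build_index(sboms)
    print("log4j-core 2.14.1 in:", find_artifact(index, "log4j-core", "2.14.1"))
    print("openssl (any version) in:", find_artifact(index, "openssl"))
    added, removed = diff_sboms(sboms, "registry.example/api:1.0", "registry.example/api:1.1")
    print("api 1.0 -> 1.1 added:", added, "removed:", removed)
```

The index is rebuilt from the full set of SBOMs here; a real deployment would update it incrementally as the operator records each new image version, and would keep every historical SBOM so that the diff can be run between any two points in an image's history rather than only the current and previous one.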
SBOM Operator for Kubernetes helps businesses meet the requirements of the United States Executive Order on Improving the Nation's Cybersecurity. Meeting those requirements entails maintaining an up-to-date Software Bill of Materials (SBOM) and, alongside it, applying a supply chain security framework such as SLSA to establish trust in the software supply chain.
SBOM Operator is an open-source community project, supported by Codenotary, that stores SBOM information about container images as files in a Git repository. It has been extended to support both Community Attestation Service and Trustcenter, where the stored data is tamper-proof, versioned, and fully searchable.
Codenotary provides tools for cataloging and trusting the components of the software development lifecycle, which help attest to the origin and integrity of the code. This core functionality is backed by a tamper-proof storage layer with cryptographic verification that, according to Codenotary, processes and stores millions of transactions per second, either on-premises or as a cloud service.