Wednesday, June 19, 2024

Codenotary adds Vulnerability Scanning to Further Secure Open-Source Supply Chains

Codenotary announced the addition of the free background vulnerability scanning service combined with a free and open source Community Attestation Service (CAS) code signing and attestation service to further secure open source supply chains.

Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021. The addition of a free vulnerability service to CAS allows cloud native and open source projects to better secure their projects. This additional service scans assets (based on the hashes uploaded) for any known security vulnerability and provides alerts if problematic packages are found in the stack. CAS can also be used to “untrust” any problematic artifacts.

“This is especially unique – a totally free code integrity service that integrates automated, continuous and self-updating vulnerability scanning, delivering alerts when it finds issues,” said Dennis Zimmer, co-founder and chief technology officer, Codenotary. “Users of open source software – and that is pretty much everyone – have a free and easy way to ensure the security of their software supply chain which addresses a big and growing problem”

Codenotary is the primary maintainer of immudb, the first and only open source enterprise-class immutable database with data permanence at scale for demanding applications — up to billions of transactions per day. Codenotary uses immudb to underpin its notarization and verification product. There have been more than 12 million downloads of immudb.

Anyone can start using CAS today to ensure their open source software is secured for themselves and their users.

Codenotary provides tools for cataloging and trusting components of the software development lifecycle which help attest to the origin and safety of the code. The company further enhances this core functionality by providing an additional tamper-proof layer which processes and stores millions of transactions per second, on-premises or as a cloud service, and with cryptographic verification.

Recommended:  Why Layer 8 Is Great

It gives developers a way to attach a Software Bill of Materials (SBOM) for development artifacts that include source code, builds, repositories, and more, plus Docker and Kubernetes container images for their software.

Suggest an edit to this article

Go to Cybersecurity Knowledge Base

Got to the Latest Cybersecurity News

Go to Cybersecurity Academy

Go to Homepage

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
ClosePlease login
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security