Codenotary has announced Codenotary Cloud, a fast, easy, inexpensive way to determine where a vulnerability, such as Log4j, exists. According to the company, Codenotary Cloud reduces the cost to almost instantly identify and remove unwanted artifacts by up to 80% and delivers compliance with the U.S. Executive Order on improving the nation’s cybersecurity.
Codenotary Cloud can be scaled to millions of integrity verifications per second and gives developers a way to attach a tamper-proof SBOM for development artifacts that include source code, builds, repositories, and more, plus Docker container images for their software and Kubernetes deployments.
The SBOM can make those instantly visible to customers, auditors and compliance professionals. It is built without uploading any data to the service, instead notarizing these artifacts using tamper-proof cryptographic verification to uniquely identify development artifacts. Each artifact retains a cryptographically strong identity stored in Codenotary’s immutable database, immudb.
Codenotary Cloud can be fully integrated with most vulnerability scanners and popular cloud-native continuous integration/continuous delivery (CI/CD) systems. The DevOps attestation service runs on any cloud or host as a managed service or customers can host themselves. Pricing starts at $5,500 for a workgroup of 10 developers.