Codenotary First to Provide Continuously Updated and Fully Searchable Tamper-Proof Information about Software Components in Container Images

SBOM Operator for Kubernetes allows users to continuously be aware of all software and software dependencies running in Kubernetes

Codenotary, leaders in software supply chain security, launched SBOM Operator for Kubernetes in both its open source Community Attestation Service, as well as Codenotary’s Trustcenter, the company’s flagship product, that mitigates the risk of software supply chain attacks by tracking all software and software dependencies running in Kubernetes. Codenotary provides the easiest way to generate SBOMs (Software Bill of Materials) of running container images and maintaining up-to-date records of all builds, and dependencies. This allows for immediate risk mitigation in the event that unwanted, dangerous or vulnerable artifacts are detected.

Latest Aithority Insights: Why Contextual Targeting Deserves Another Look with Artificial Intelligence (AI)

“By itself, the SBOM is not very useful without continuously being updated and maintained as the information is deprecated with every new deployment or update”

All SBOM information is continuously updated and versioned to include any changes in deployments, then stored in a tamper-proof, auditable database. That information is instantly available for search so that the location of software artifacts can be pinpointed in seconds, and the history of image content changes verified, which is essential to maintaining a secure software supply chain.

The new SBOM Operator for Kubernetes helps enterprises comply with the U.S. Executive Order on Improving the Nation’s Cybersecurity, which includes maintaining a Software Bill of Materials (SBOM), as well as the SLSA security framework to ensure trust in the software supply chain.

“By itself, the SBOM is not very useful without continuously being updated and maintained as the information is deprecated with every new deployment or update,” said Dennis Zimmer, co-founder and chief technology officer, Codenotary. “Now, users know exactly what is running in containers, with the most recent information so they have the ability to immediately remediate something if necessary.”

AI and ML News: Why SMBs Shouldn’t Be Afraid of Artificial Intelligence (AI)

SBOM Operator is an open source community project – supported by Codenotary – to store SBOM information about container images as files in a Git repository and has been extended to support both Community Attestation Service, as well as Trustcenter, which are tamper-proof, versioned and fully searchable.

“I am pleased to contribute to the wider adoption and use of SBOMs with the Codenotary integration in my Kubernetes operator, especially the additional security, timestamp and search capabilities across the infrastructure were key to developing the extension,” said Christian Kotzbauer.

Codenotary provides tools for cataloging and trusting components of the software development lifecycle which help attest to the origin and safety of the code. The company further enhances this core functionality by providing an additional tamper-proof layer which processes and stores millions of transactions per second, on-premises or as a cloud service, and with cryptographic verification. It gives developers and DevOps engineers a way to attach a Software Bill of Materials (SBOM) for development artifacts that include source code, builds, repositories, and more, plus Docker and Kubernetes container images for their software.

Read More About AI News : AI Innovation Supports Rural and Remote Internet Connectivity

[To share your insights with us, please write to sghosh@martechseries.com]