Codenotary Launches SBOM Operator for Kubernetes
July 18, 2022

Codenotary launched SBOM Operator for Kubernetes in both its open source Community Attestation Service, as well as Codenotary’s Trustcenter, the company’s flagship product, that mitigates the risk of software supply chain attacks by tracking all software and software dependencies running in Kubernetes.

Codenotary provides a way to generate SBOMs (Software Bill of Materials) of running container images and maintaining up-to-date records of all builds, and dependencies. This allows for immediate risk mitigation in the event that unwanted, dangerous or vulnerable artifacts are detected.

All SBOM information is continuously updated and versioned to include any changes in deployments, then stored in a tamper-proof, auditable database. That information is instantly available for search so that the location of software artifacts can be pinpointed in seconds, and the history of image content changes verified, which is essential to maintaining a secure software supply chain.

The new SBOM Operator for Kubernetes helps enterprises comply with the U.S. Executive Order on Improving the Nation’s Cybersecurity, which includes maintaining a Software Bill of Materials (SBOM), as well as the SLSA security framework to ensure trust in the software supply chain.

“By itself, the SBOM is not very useful without continuously being updated and maintained as the information is deprecated with every new deployment or update,” said Dennis Zimmer, co-founder and CTO, Codenotary. “Now, users know exactly what is running in containers, with the most recent information so they have the ability to immediately remediate something if necessary.”

SBOM Operator is an open source community project – supported by Codenotary – to store SBOM information about container images as files in a Git repository and has been extended to support both Community Attestation Service, as well as Trustcenter, which are tamper-proof, versioned and fully searchable.

Share this

Industry News

September 27, 2022

DevOps Institute will host SKILup Festival in Singapore on November 15, 2022.

September 27, 2022

Delinea announced the latest release of DevOps Secrets Vault, its high-speed vault for DevOps and DevSecOps teams.

September 27, 2022

The Apptainer community announced version 1.1.0 of the popular container system for secure, high-performance computing (HPC). Improvements in the new version provide a smaller attack surface for production deployments while offering features that improve and simplify the user experience.

September 26, 2022

Secure Code Warrior unveiled Coding Labs, a new mechanism that allows developers to more easily move from learning to applying secure coding knowledge, leading to fewer vulnerabilities in code.

September 26, 2022

ActiveState announced the availability of the ActiveState Artifact Repository.

September 26, 2022

Split Software announced the availability of its Feature Data Platform in the Microsoft Azure Marketplace.

September 22, 2022

Katalon announced the launch of the Katalon Platform, a modern and comprehensive software quality management platform that enables teams of any size to easily and efficiently test, launch, and optimize apps, products, and software.

September 22, 2022

StackHawk announced its Deeper API Security Test Coverage release.

September 21, 2022

Platform9 announced the launch of its latest open source project, Arlon.

September 21, 2022

Redpanda Data announced Redpanda Console.

September 21, 2022

mabl announced its availability as a private listing on Google Cloud Marketplace.

September 21, 2022

Zesty announced a $75 million Series B funding round led by B Capital and Series A investor Sapphire Ventures.

September 20, 2022

Opsera, the Continuous Orchestration platform for DevOps, announced a free trial of its no-code Salesforce Release Management platform for fast and secure Salesforce releases.

September 20, 2022

Sysdig announced ToDo and Remediation Guru.

September 20, 2022

AutoRABIT announced CodeScan Shield.