With new addition, company's cloud solution boasts end-to-end protection of software supply chain.

Codenotary, a software supply chain security provider, has announced new features to its cloud offering, including built-in vulnerability scanning. With the addition of scanning, the company’s cloud solution can provide end-to-end protection for a supply chain, from checking for vulnerabilities to ensuring the provenance of software artifacts.

According to the company, Codenotary Cloud, which was announced last month, can almost instantly identify and remove unwanted artifacts by up to 80%. What’s more, it’s compliant with President Joe Biden’s Executive Order on Improving the Nation’s Cybersecurity.

The solution can be scaled to millions of integrity verifications per second. One deployment of the service, for example, supports an organization with 20,000 developers who daily produce 40,000 software builds that each contain 3,000 dependencies.

Builds the SBOM without uploading data to the service

Codenotary Cloud also gives developers a way to attach a tamper-proof software bill of materials for development artifacts that include source code, builds and repositories. The SBOM can make artifacts instantly visible to customers, auditors and compliance professionals. The service builds the SBOM without uploading any data to the service. Instead, it notarizes the artifacts using tamper-proof cryptographic verification to uniquely identify them. Each development artifact retains a cryptographically strong identity stored in the service’s open-source immutable database.

Codenotary’s service can be integrated with most popular cloud-native CI/CD systems. The company’s DevOps attestation service runs as a managed service or customers can host it themselves. Pricing starts at $5,500 for a workgroup of 10 developers.

Software supply chain a target for attackers

Protecting software supply chains has become more important because they’ve become an attractive target of threat actors. “The perimeter of organizations has become increasingly difficult to penetrate,” says Codenotary co-founder and CEO Moshe Bar. “On top of that, a lot of the workloads have shifted to Google Cloud, AWS and Azure. They’re even more difficult to penetrate because they have hundreds of people in the cloud very carefully monitoring them.”

“On the other hand,” Bar adds, “as we’ve seen the last couple of years, no one really checks what’s going on with all these open-source tools and packages. It’s much easier to put something in there and from there have the developers import the bad stuff. You infect one supply chain, you can be in thousands of places tomorrow while breaking through a thousand perimeters is going to be very difficult.”

“The longevity of a hack in the DevOps process can be huge,” Bar says. “With the SolarWinds hack, to this day, about 40% of the infections remain unmitigated. So, a software supply chain is a much juicier target for the bad guys.”