With the new addition, the company's cloud solution boasts end-to-end protection of the software supply chain.

Codenotary, a software supply chain security provider, has announced new features for its cloud offering, including built-in vulnerability scanning. With the addition of scanning, the company says its cloud solution can provide end-to-end protection for a supply chain, from checking for vulnerabilities to ensuring the provenance of software artifacts.

According to the company, Codenotary Cloud, which was announced last month, can almost instantly identify and remove unwanted artifacts, reducing them by up to 80%. The company also says the service supports compliance with President Joe Biden's Executive Order on Improving the Nation's Cybersecurity, which among other things calls for suppliers of software to the federal government to provide a software bill of materials (SBOM).

The company says the solution can be scaled to millions of integrity verifications per second. One deployment of the service, for example, supports an organization with 20,000 developers who produce 40,000 software builds a day, each containing 3,000 dependencies.

Builds the SBOM without uploading data to the service

Codenotary Cloud also gives developers a way to attach a tamper-proof SBOM to development artifacts, including source code, builds and repositories. The SBOM makes those artifacts instantly visible to customers, auditors and compliance professionals. The service builds the SBOM without uploading any data to the service. Instead, it notarizes the artifacts, using tamper-proof cryptographic verification to identify each one uniquely: each development artifact retains a cryptographically strong identity that is stored in the service's open-source immutable database. Because only that identity is recorded, not the artifact itself, the guarantee rests on the collision resistance of the hash and on the integrity of the database that holds the record.

Codenotary's service can be integrated with most popular cloud-native CI/CD systems. The company's DevOps attestation service runs as a managed service, or customers can host it themselves. Pricing starts at $5,500 for a workgroup of 10 developers.
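The notarization model described above, where the artifact never leaves the build machine and only a cryptographic identity is written to an append-only ledger, is easy to misunderstand, so here is a minimal working version of it. This is an added example and not Codenotary's code or a description of its database format. It assumes SHA-256 as the artifact identity, an HMAC under a per-signer key as a stand-in for an asymmetric signature, a "trusted"/"untrusted" status vocabulary, and constructed sample artifact bytes; the signer name "ci-builder" and the demo key are likewise made up for the example.

```python
"""Hash-based artifact notarization against a hash-chained, append-only ledger.

Added example, not Codenotary's code. Only the SHA-256 digest of an artifact
is recorded, never the artifact bytes. The HMAC is an assumption standing in
for a real signature; the status vocabulary and signer names are assumed too.
"""
from __future__ import annotations

import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass
class Entry:
    """One notarization record stored in the ledger."""
    digest: str    # SHA-256 of the artifact, hex
    signer: str    # identity that notarized the artifact (assumed label)
    status: str    # "trusted" or "untrusted" (assumed vocabulary)
    prev: str      # hash of the previous entry; chain root for the first one
    mac: str = ""  # HMAC over body() under the signer's key (stand-in for a signature)

    def body(self) -> bytes:
        # Canonical encoding so signer and verifier MAC the same bytes.
        return json.dumps(
            {"digest": self.digest, "signer": self.signer,
             "status": self.status, "prev": self.prev},
            sort_keys=True).encode()

    def entry_hash(self) -> str:
        return hashlib.sha256(self.body() + self.mac.encode()).hexdigest()


class Ledger:
    """Append-only list of entries. Each entry commits to its predecessor, so
    editing, reordering or deleting an entry breaks every entry after it."""
    ROOT = "0" * 64

    def __init__(self) -> None:
        self.entries: list[Entry] = []

    def head(self) -> str:
        return self.entries[-1].entry_hash() if self.entries else self.ROOT

    def append(self, digest: str, signer: str, status: str, key: bytes) -> Entry:
        e = Entry(digest, signer, status, self.head())
        e.mac = hmac.new(key, e.body(), hashlib.sha256).hexdigest()
        self.entries.append(e)
        return e

    def verify_chain(self, keys: dict[str, bytes],
                     expected_head: str | None = None) -> bool:
        """Recompute the chain and every MAC. Truncation of the tail is only
        detectable when the verifier anchors a previously seen head hash."""
        prev = self.ROOT
        for e in self.entries:
            key = keys.get(e.signer)
            if key is None or e.prev != prev:
                return False
            expected = hmac.new(key, e.body(), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, e.mac):
                return False
            prev = e.entry_hash()
        return expected_head is None or prev == expected_head


def artifact_digest(data: bytes) -> str:
    """Computed locally: this is all that is ever sent to the ledger."""
    return hashlib.sha256(data).hexdigest()


def notarize(ledger: Ledger, data: bytes, signer: str, key: bytes,
             status: str = "trusted") -> Entry:
    return ledger.append(artifact_digest(data), signer, status, key)


def authenticate(ledger: Ledger, data: bytes, keys: dict[str, bytes],
                 expected_head: str | None = None) -> str:
    """Return the latest status recorded for this artifact, or "unknown".
    The newest entry wins, so an "untrusted" entry revokes an earlier one."""
    if not ledger.verify_chain(keys, expected_head):
        raise ValueError("ledger integrity check failed")
    d = artifact_digest(data)
    status = "unknown"
    for e in ledger.entries:
        if e.digest == d:
            status = e.status
    return status


if __name__ == "__main__":
    keys = {"ci-builder": b"constructed-demo-key"}   # assumed signer key
    ledger = Ledger()
    good = b"app-1.2.3 release binary (constructed sample)"
    tampered = good + b"\x90\x90"
    notarize(ledger, good, "ci-builder", keys["ci-builder"])
    print(authenticate(ledger, good, keys))       # trusted
    print(authenticate(ledger, tampered, keys))   # unknown
    notarize(ledger, good, "ci-builder", keys["ci-builder"], status="untrusted")
    print(authenticate(ledger, good, keys))       # untrusted
```

Two points the example makes that the description above glosses over: a single flipped byte in the artifact yields a digest the ledger has never seen, so it is simply "unknown" rather than tampered; and an append-only hash chain proves nothing about its tail unless the verifier remembers a head hash it saw earlier, which is why `verify_chain` takes `expected_head`.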
Software supply chain a target for attackers

Protecting software supply chains has become more important because they have become an attractive target for threat actors. "The perimeter of organizations has become increasingly difficult to penetrate," says Codenotary co-founder and CEO Moshe Bar. "On top of that, a lot of the workloads have shifted to Google Cloud, AWS and Azure. They're even more difficult to penetrate because they have hundreds of people in the cloud very carefully monitoring them."

"On the other hand," Bar adds, "as we've seen the last couple of years, no one really checks what's going on with all these open-source tools and packages. It's much easier to put something in there and from there have the developers import the bad stuff. You infect one supply chain, you can be in thousands of places tomorrow, while breaking through a thousand perimeters is going to be very difficult."

"The longevity of a hack in the DevOps process can be huge," Bar says. "With the SolarWinds hack, to this day, about 40% of the infections remain unmitigated. So, a software supply chain is a much juicier target for the bad guys."