DEVOPSdigest

Codenotary launched SBOM Operator for Kubernetes in both its open source Community Attestation Service, as well as Codenotary’s Trustcenter, the company’s flagship product, that mitigates the risk of software supply chain attacks by tracking all software and software dependencies running in Kubernetes.

Codenotary provides a way to generate SBOMs (Software Bill of Materials) of running container images and maintaining up-to-date records of all builds, and dependencies. This allows for immediate risk mitigation in the event that unwanted, dangerous or vulnerable artifacts are detected.

All SBOM information is continuously updated and versioned to include any changes in deployments, then stored in a tamper-proof, auditable database. That information is instantly available for search so that the location of software artifacts can be pinpointed in seconds, and the history of image content changes verified, which is essential to maintaining a secure software supply chain.

The new SBOM Operator for Kubernetes helps enterprises comply with the U.S. Executive Order on Improving the Nation’s Cybersecurity, which includes maintaining a Software Bill of Materials (SBOM), as well as the SLSA security framework to ensure trust in the software supply chain.

“By itself, the SBOM is not very useful without continuously being updated and maintained as the information is deprecated with every new deployment or update,” said Dennis Zimmer, co-founder and CTO, Codenotary. “Now, users know exactly what is running in containers, with the most recent information so they have the ability to immediately remediate something if necessary.”

SBOM Operator is an open source community project – supported by Codenotary – to store SBOM information about container images as files in a Git repository and has been extended to support both Community Attestation Service, as well as Trustcenter, which are tamper-proof, versioned and fully searchable.